VeChain Foundation Hacked and VET Tokens Stolen
On December 13th, the VeChain Foundation’s buyback address was compromised due to human error by staff members of the company. During the wallet creation process, the private key of the buyback address was stolen. The VeChain Foundation state that the security of their mainnet and official mobile wallet are still intact and have not been affected in anyway as this was due to the negligence of a staff member.
The hacker managed to transfer 1.1 billion VET tokens into the 0xD802A148f38aBa4759879c33E8d04deb00cFB92b address. Thankfully, VeChain were on top of this quickly and managed to tag the address on VeChainStats and have contacted exchanges to make sure this address cannot transact them.
VeChain have taken steps towards making sure the security of their network and wallet are still sound. They have also enlisted the help of Hacken to assist with monitoring and containing the stolen tokens, as well as contacting the Singapore law enforcement to make sure nothing like this happens again.
“We will continuously monitor the situation and work diligently with cybersecurity and law enforcement professionals to add more clarity to the situation and mitigate as much as possible.” VeChain have stated.
The cause of this hack was human error, and the Vechain Foundation have said the following on why they think this happened:
“We have narrowed down the possibilities enough to lead to a highly probable theory. Security breach was most likely due to misconduct of one of the team members within our finance team, who have created the buyback account without thoroughly obeying The Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error.”