VeChain Loses $6.6M in VET Tokens to Hacker in Attack on Buyback Wallet

Published at: Dec. 13, 2019

Note: This story has been updated to provide more details about the incident.

VeChain Foundation’s wallet has been compromised in a hacker attack targeting funds earmarked for the foundation’s buyback program.

Per a VeChain Foundation announcement on Dec. 13, an unknown hacker has redirected 1.1 billion VET tokens — valued at approximately $6,600,000 at press time — from the VeChain Foundation’s buyback wallet to a personal wallet address.

Security breach is likely a result of internal misconduct unnoticed due to human error

In the initial update on the incident, VeChain Foundation noted that the hack is in “no way related” to the operations of the actual standard procedure or VeChain’s hardware wallet solutions.

According to the statement, the VeChain’s security breach was likely due to misconduct of one of its staff members in the finance team. Specifically, the person has allegedly created the buyback account partly violating the standard procedure approved by the Foundation. The auditing team did not pick up the misconduct due to human error, the announcement notes.

Measures to mitigate the situation and add more clarity

In the same announcement, the Foundation has listed a number of measures designed to mitigate the incident and get more clarity. As such, the firm provided a link with the hacker’s address tagged on VeChainStats in order to instantly trace other addresses interacting with the hacker’s address.

As part of their efforts, the company notified all exchanges to monitor, blacklist and freeze all funds coming from the attacker as well as withdrawals from the corresponding exchanging wallets.

Additionally, VeChain has launched a security investigation on other crypto assets that are subject to the custody of the Foundation to prevent further breach. The Singapore-based firm also reported on the incident to law enforcement in Singapore and will keep monitoring the situation and working with cybersecurity and law enforcement professionals to add more clarity, the statement notes.

VET token slides over 4% amid the hack

VeChain is a major cryptocurrency and blockchain platform designed to enhance supply chain management and business processes. VET token is ranked the 28th largest crypto asset by market capitalization of $325 million at the time of this writing. Following the news, the token dipped over 4% with the market cap dropping to a low of $320 million. The altcoin is seeing a slight recovery at press time, according to Coin360.

VET 24-hour price chart. Source: Coin360

VeChain, which is known for providing its blockchain Thor blockchain for Walmart China’s blockchain platform, has recently partnered with Cointelegraph Consulting, a division of Cointelegraph aiming to contribute to the global adoption of blockchain technology.

Tags
Related Posts
Immunefi partners with Binance Smart Chain on bug bounties to secure BSC projects
Immunefi, a security service outfit that specialized in decentralized finance (DeFi) projects, has inked a collaboration with the Binance Smart Chain. According to a release issued on Friday, Immunefi will work in collaboration with BSC to improve the security of projects on the Binance chain. As part of the partnership, ethical hackers who take part in a campaign to discover vulnerabilities in BSC-based projects will earn rewards. As a security outfit, Immunefi has reportedly paid more than $3 million in bug bounties to ethical hackers. Major BSC protocols such as PancakeSwap, DODO, and Zapper among others are already deploying the …
Blockchain / July 9, 2021
Blockchain Voting is Vulnerable to Hacking and Low-Quality Data: Research
Nir Kshetri, a professor of management at the University of North Carolina, has suggested that before blockchain-based voting can be considered safe and trustworthy, some major issues must be resolved. In an article published on Oct. 18, Kshetri claims that “small-scale tests run so far have identified problems and vulnerabilities in the digital systems and government administrative procedures” that must be solved before adopting the technology. Hard to audit Per the report, such systems need to verify voters’ identities — often by analyzing a portrait photo or video with facial recognition software. According to Kshetri, contemporary voting tokens are anonymous …
Blockchain / Oct. 19, 2019
World Economic Forum Releases Report About Blockchain Cybersecurity
The World Economic Forum (WEF) released a report about blockchain cybersecurity on April 5. The report points out that most data breaches do not result from the level of skill of the hackers, but instead happen because appropriate security measures often are not implemented. The WEF further claims that while attackers do compromise blockchains themselves, they much more often try to exploit or compromise their deployment. The WEF references the data breach of retail giant Target, which lead to both the CEO and chief information officer being fired, also mentioning that the director of the United States Government Office of …
Blockchain / April 8, 2019
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …
Blockchain / Aug. 11, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022