The VeChain Foundation has announced that “human error” led to the theft of $6.7 million worth of VET tokens last week.
The hack occurred after a member of staff reportedly mismanaged the company’s private keys, which caused a buyback address to be compromised.
VeChain claims to have conducted a “responsive investigation” and determined the incident was caused after the private key for the buyback address was stolen during the wallet creation process “due to negligence of the staff member”.
The company goes on to confirm that both the security of the VeChainThor mainnet and its official mobile wallet have not been affected “in any way or form”.
How has VeChain responded?
Approximately 1.1 billion VET tokens were stolen, worth roughly $6.7 million at the time of the theft. The tokens were sent to an individual address.
Any and all addresses associated with the hacker’s address have been tagged on ‘VeChainStats’ – a list which is automatically updated should the thief send any funds from the address.
The VeChain Foundation has been tracing the transfer of the hacked VET tokens in real time and has taken a number of steps to “contain the situation”.
The firm has notified all exchanges to monitor, blacklist, and freeze any funds coming from the thief’s wallet and any withdrawals from the corresponding exchanging wallets. It has also paid special attention to the exchanges where the hacker has sent funds to.
VeChain has also launched an investigation to discover the motive, method, and data flow behind the malicious act.
It speculates the most probable theory behind the incident began with one of its finance team members who created the buyback account without “thoroughly obeying the standard procedure” approved by the Foundation. The auditing team then did not pick up on the problem due to “human error”.
“The responsible person without following full compliance will hold full accountability and consequences of internal management actions,” the company writes.
The VeChain Foundation has enlisted third-party blockchain data management and cybersecurity experts to help its efforts.
It has also initiated an immediate security check on the other crypto assets held under the Foundation’s custody to ensure no further breach will occur.
The company claims this announcement was an initial update to inform VET token holders of the situation, with a more detailed account set to follow once the company has more clarity on the situation.
Interested in reading more VeChain-related stories? Discover more about the Game of Thrones-inspired Adidas trainers which feature NFC chips powered by VeChain.