An investigation by the foundation showed that the address was compromised because the private key of buyback address was stolen during the process of creating the wallet. This was a result of negligence by the staff member.
At the moment, nothing less than 1.1 billion VET tokens in the buyback address was moved to 0xD802A148f38aBa4759879c33E8d04deb00cFB9, which is the address of the unknown hacker(s).
Hackers Address Tagged
To make it impossible for the hackers to cash the funds out, VeChain foundation has tagged the address on the VeChainStats, with the list updated the moment the funds are moved from the original hacker’s address.
Since the horrible incidence, the foundation has been monitoring every move by the hackers, to make sure the fund is not cashed out at the end of the day. However, the attack does not mean every wallet on the VeChain network is not secured.
For now, VeChain has notified every exchange to blacklist and freeze any fund coming from the address. While the foundation has launched a special investigation on how everything happened, it is trying to prevent total loss of the fund, and it won’t be possible for the hackers to withdraw the fund.
“Security breach was most likely due to misconduct of one of the team members within our finance team, who have created the buyback account without thoroughly obeying The Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error,” VeChain Foundation has said.
At the moment, VeChain has employed the service of Hacken and its whitehat community, and vechainstats.com teams to ensure that the fund is monitored.
With that in place, VeChain has reported the matter to the law enforcement agencies and will ensure that other crypto assets in its custody are secured and not vulnerable to attack.