VeChain Foundation, the Singapore-based nonprofit behind the development of the VeChain public blockchain platform, has announced that their buyback’s wallet address was compromised by an unknown hacker at 12:27 pm ET on Friday.
1.1 billion VET tokens, which approximates to $6.7 million, were transferred to the address 0xD802A148f38aBa4759879c33E8d04deb00cFB92b.
The funds represent slightly more than 1 percent of outstanding VET, which holds a fixed supply of 86.7 billion tokens, according to data provider Messari.
VeChain believes that the hacking was the result of human error within its finance and auditing teams. They stated that it does not represent any inherent flaw in its regular procedures or hardware wallet solutions.
“Security breach was most likely due to misconduct of one of the team members within our finance team, who have created the buyback account without thoroughly obeying The Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error,” VeChain wrote in the announcement. “We would like to emphasize that the incident is in no way related to the effectiveness of the actual Standard Procedure or VeChain’s hardware wallet solutions.”
Established in 2015, VeChain functions as a blockchain-based lending platform that assists customers in establishing the quality of the products purchased through supply chain analysis.
VeChain features two tokens, notably VeChain Token (VET) and VeThor Token (VTHO). VET is deployed to render payments across its network, whereas VTHO is utilized to carry out smart contracts and run applications on the blockchain.
As a result of the security breach, VeChain has provided a link with the list of addresses belonging to the hacker for purposes of being able to track additional addresses interacting with the hacker’s address immediately. Moreover, the firm has asked all exchanges to flag and freeze any stolen funds coming from these addresses.
In late November, South Korean cryptocurrency exchange Upbit was compromised and hackers managed to steal $50 million in Ethereum (ETH).
Security incidents compromising team-owned addresses are relatively uncommon. This makes that the VeChain security breach more mind-boggling.