VeChain Theft Incident Report

4 min readDec 17, 2019

Hacken, as well as the 2,000 white hat hacker’s community, is focused on finding the thief who stole funds from VeChain Foundation’s buyback wallet. At Hacken, we made every effort to limit the thief’s ability to withdraw stolen funds. We are investigating and will soon figure out the thief.

The Singapore-based VeChain Foundation’s buyback wallet was compromised by a thief at 12:27 UTC on Friday. The funds being withdrawn to a private address. The stolen funds represent a little over 1 percent of outstanding VET, which has a fixed supply of 86.7 billion tokens.

In cooperation with the VeChain Foundation and Vechainstats, we are tracing and monitoring all transactions made by the thief. We are monitoring the blacklisting process at all major exchanges that have VET liquidity. All exchanges were immediately informed and the thief’s addresses were blacklisted.

When the funds were removed from the original buyback wallet the thief immediately split the amount into many new wallets. They wanted to make it as hard as possible for the exchanges to track the addresses but when the thief sends funds to a new wallet, those new wallet addresses are also blacklisted on all exchanges. Currently, there is almost no chance for the thief to move the funds to exchange and cash them out. The blacklist works pretty efficiently.

The thief has been recently trying to avoid the blacklist algorithms. They have been sending small amounts of VET (up to 10,000) to newly created and whitelist addresses to see how the blacklist works and how they could try to potentially bypass the blacklisting on exchanges. However, we are very confident that the thief will NOT be able to bypass our monitoring and blacklisting. Hacken in cooperation with the VeChain team has also been monitoring any abnormal deposit amounts on to smaller, less liquid exchanges. Due to the quick reaction to the incident, all exchanges with VET liquidity were notified individually before the thief had time to deposit the VET.

Currently, there is no real chance for the thief to withdraw funds through the exchanges so the only way is to sell the compromised VET on the OTC market. We expect that he/she will try to sell them at a significant discount in the short future. We are actively monitoring the situation and ask all community members to immediately report any suspicious or irregular behaviour. All transactions the thief continues to make along with any new wallet will be automatically blacklisted, leaving them no chance to trade any of the VET on exchanges. So please be attentive to all suspicious offers of VETs on the OTC market. You can report on any suspicious activity on support@hacken.io or in our official telegram chat @hacken_en.

We do not currently know who the thief is but we know that there is no chance to withdraw this theft VETs out. In the best-case scenario, he/she will just lose several hundred hours of his life with zero tangible results. In the worst-case scenario, he/she makes a mistake and will be chased by the prosecutors.
Hacken, as an organization with more than 2000 affiliated whitehat hackers representing justice and righteousness, is making it known at this moment that we have eyes all over the thief and we will relentlessly continue to come after him/her. Furthermore, I encourage anyone (regardless of identity or background), who has any information or access to the stolen funds to present this to support@hacken.io or my personal telegram: @budorin , which we (Hacken Foundation) and VeChain Foundation will make them eligible for a percentage reward. I guarantee your privacy and identity upon request, with no questions asked. — said Dmitriy Budorin, CEO and founder of Hacken, a cybersecurity consulting company.

The investigation is still in process and we are figuring out how it happened to prevent new incidents. We will update you on the results soon.

If you have any information or access to the stolen funds and would like to contact Hacken, please email us at support@hacken.io. We will require proof and evidence of your access to the stolen funds if you choose to opt for VeChain Foundation’s reward, which Hacken will facilitate together with VeChain.