The company believes that the hack was the result of human oversight on the part of its finance and auditing teams. They said it does not reflect any inherent flaw in its standard procedures or hardware wallet solutions.
“Security breach was most likely due to misconduct of one of the team members within our finance team, who have created the buyback account without thoroughly obeying The Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error,” says the announcement. “We would like to emphasize that the incident is in no way related to the effectiveness of the actual Standard Procedure or VeChain’s hardware wallet solutions.”
Established in Singapore in 2015, VeChain features a blockchain-based lending platform that helps clients determine the quality of the products bought through supply chain analysis. The platform features two tokens—VeChain Token (VET) and VeThor Token (VTHO)—with the former used to make payments across its network and the latter used to perform smart contracts and run applications on the blockchain.
Since the hack took place, the VeChain team has compiled a list of addresses associated with the hacker’s address and asked all exchanges to flag and freeze any funds coming from these addresses. The company has also reported the incident to Singapore’s law enforcement and recruited cybersecurity services provider Hacken to figure out details of the hack.