The VeChain Foundation updates the cryptocurrency community on the recent buyback wallet hack. Following the agreement of the Authority Masternodes, by way of voting, VeChain released a patch to freeze the majority of the hacker’s accounts.
A Public Disclosure of the buyback address incident including latest updates, next steps, and the internal management decision.https://t.co/FfIvxCKcW4
— VeChain Foundation (@vechainofficial) December 22, 2019
VeChain Buyback Wallet Hack
A little over a week ago, the VeChain Foundation admitted to the theft of 1.1 billion VET tokens.
CEO, Sunny Lu was quick to reassure investors that the VeChain network is as secure as ever. But the incident did highlight a weakness in their internal practices.
In a Periscope broadcast, Lu explained the circumstances behind the hack. He said a member of the team, who is responsible for overseeing the buyback process, did not follow procedures when creating the buyback wallet.
Lu expanded on this by admitting a trojan infected machine, with keylogging software, enabled the hacker to obtain private key information. From there, the hacker transferred cryptocurrency assets out of the buyback wallet, into an account he controls.
“It’s caused by a mis-mangement action… The responsible person, who did not follow compliance protocol, will hold the consequence of internal management actions.”
Live Broadcasting from Sunny Lu, VeChain https://t.co/37Jf5JaMY2
— Sunny LU, VeChain (@sunshinelu24) December 14, 2019
The cryptocurrency community, as a whole, has praised VeChain for its quick response and transparent approach to the matter. And, by all accounts, it seems as though VeChain’s reputation remains intact.
“During the last AMA session, a couple of weeks ago, I was just talking about one of the major challenges to VeChain, which is the internal management. And yesterday, unfortunately we just had a really big lesson.”
Update To The Cryptocurrency Community
Yesterday, the VeChain Foundation issued an update on the buyback wallet hack. Through the use of cryptocurrency data analysis tools, the Foundation has compiled a list of hundreds of wallets that have received stolen funds.
The relevant exchanges were approached with a blacklist of addresses, in order to prevent the stolen deposits from hitting the market.
However, the Steering Committee decided that more decisive action is needed, to stem the rot. On 18th December they passed a motion to contact all Authority Masternodes, with a view to issuing an emergency patch to freeze these accounts.
The Authority Masternodes voted in agreement with this. And as a result, the hacker has lost control over the majority of the stolen funds.
“Currently, 469 addresses owned by the thief have been blocked by the Authority Masternodes, which froze about 727 million VETs.”
In addition, the VeChain Foundation will continue working with exchanges, regarding the retrieval of the rest of the stolen funds.
Questions Raised Over Decentralization
It’s a well-known fact that VeChain has ambitions to decentralize its platform. And plans are already underway to achieving this goal, for example, in the recent announcement of their decentralized governance model.
And while many in the cryptocurrency community have praised VeChain, and Sunny Lu, for a professional and decisive approach to the mistake, in reality, their actions highlight just how centralized VeChain is. Even despite Authority Masternodes voting to agree to the patch implementation.
Great to see how VeChain is handling this and the actions taken so far have been very professional.
Will be very interesting to see what all stakeholders will vote for regarding what will happen with the stolen tokens.
I feel sad for Jay reading this though….
— VeChainInsider (@vechaininsider) December 22, 2019
After all, this means Authority Masternodes can potentially collude to control the VeChain network. And while that is an unlikely scenario, it still highlights the centralized power held by the Authority Masternodes.
What’s more, for an international supply chain solution to have true value, it must be impartial. The patch implementation demonstrates, rightly or wrongly, that VeChain Masternodes are not neutral.