VeChain Foundation Announcement

2 min readDec 13, 2019

December 13, at 8:27 pm Beijing Time, due to human error and the mismanagement of the private key by our staff, the VeChain Foundation buyback address was compromised. After a responsive investigation, the incident was caused by the fact that the private key of buyback address was stolen during the wallet creation process due to the negligence of the staff member. The security integrity of the mainnet and our official mobile wallet had not been affected in any way or form.

Approximately 1.1 billion VET tokens in this address were transferred into 0xD802A148f38aBa4759879c33E8d04deb00cFB92b, this individual address. All the addresses associated with the said address have been tagged on VeChainStats, the list is automatically updated as soon as the thief sends any funds from the original thief’s address.

VeChain Foundation has been tracing the transfer of these VET Tokens in real-time and has taken several steps as outlined below to contain the situation.

  1. The security of VeChainThor network and wallet is intact and sound.
  2. We have notified all exchanges to monitor, blacklist and freeze any funds coming from the thief’s address and any withdraws from the corresponding exchanging wallets. We have paid special attention to the few exchanges which the thief had sent funds to.
  3. We have launched an investigation into every fact around the address to determine the motive, method, and data flow behind this malicious act. We have narrowed down the possibilities enough to lead to a highly probable theory. Security breach was most likely due to misconduct of one of the team members within our finance team, who have created the buyback account without thoroughly obeying The Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error. We would like to emphasize that the incident is in no way related to the effectiveness of the actual Standard Procedure or VeChain’s hardware wallet solutions. And the responsible person without following full compliance will hold the accountability and consequences of internal management actions.
  4. We have enlisted the assistance of Hacken along with its whitehat community, and teams to help with monitoring and containment of the situation. Their expertise in blockchain data management and cybersecurity will be of help to our efforts.
  5. We have also started a security check immediately on the other crypto assets under the custodian of the Foundation, to make sure no further breach will occur.
  6. We have reported this incident to law enforcement in Singapore.

We will continuously monitor the situation and work diligently with cybersecurity and law enforcement professionals to add more clarity to the situation and mitigate as much as possible.

This is an initial update to inform VET token holders of our current situation. A more detailed account of the event will follow once we gain more clarity.

VeChain Foundation

2019.12.14 00:44 (UTC+8)




  1. 经过快速排查,唯链雷神主网及钱包的安全性并没有受到影响。
  2. 我们在第一时间对此地址相关的所有资金去向进行全面追查,截断资金转账;并与各交易所取得联系,冻结来自此地址的任何资金以及从相关交易所钱包提现的资金。
  3. 经全面调查,由于唯链基金会内部财务人员在创建该回购地址时未严格遵守基金会制定的标准财务安全流程,最终导致本次事件发生,我们为此深表歉意。未来,唯链基金会将会进一步加强内部人员在实施各项标准流程时的管理和审计,并按内部管理规则追究本次操作失误人员的责任。
  4. Hacken团队正在积极协助唯链基金会对此次私钥失窃事件所涉及的所有相关地址展开调查和监控;其在区块链数据管理和网络安全方面的专业经验,帮助基金会更快速高效地展开调查工作。
  5. 我们已对唯链基金会所有的其他资产进行全面安全检查。唯链基金会所持有的其他地址均处于安全状态。
  6. 我们已将本次事件通报新加坡警方,并紧密配合警方对此次事件进行进一步追查。




2019年12月14日 00:44 (北京时间)




Vechain, based in San Marino, Europe built VechainThor, a powerful blockchain enabling a sustainability revolution