VeChain Foundation Announcement

vechainofficial
Dec 13, 2019

On December 13, at 8:27 pm Beijing Time, due to human error and the mismanagement of the private key by our staff, the VeChain Foundation buyback address was compromised. After a responsive investigation, we found that the private key of the buyback address was stolen during the wallet creation process due to the negligence of the staff member. The security integrity of the mainnet and our official mobile wallet has not been affected in any way or form.

Approximately 1.1 billion VET tokens in this address were transferred to this individual address: 0xD802A148f38aBa4759879c33E8d04deb00cFB92b. All the addresses associated with the said address have been tagged on VeChainStats; the list is automatically updated as soon as the thief sends any funds from the original thief’s address.

VeChain Foundation has been tracing the transfer of these VET Tokens in real-time and has taken several steps as outlined below to contain the situation.

  1. The security of the VeChainThor network and wallet is intact and sound.
  2. We have notified all exchanges to monitor, blacklist and freeze any funds coming from the thief’s address and any withdrawals from the corresponding exchange wallets. We have paid special attention to the few exchanges which the thief had sent funds to.
  3. We have launched an investigation into every fact around the address to determine the motive, method, and data flow behind this malicious act. We have narrowed down the possibilities enough to lead to a highly probable theory. The security breach was most likely due to misconduct by one of the team members within our finance team, who created the buyback account without thoroughly obeying the Standard Procedure approved by the Foundation, and our auditing team did not pick up this misconduct, due to human error. We would like to emphasize that the incident is in no way related to the effectiveness of the actual Standard Procedure or VeChain’s hardware wallet solutions. The person responsible, who did not fully comply, will be held accountable and face the consequences of internal management actions.
  4. We have enlisted the assistance of Hacken, along with its whitehat community, and the vechainstats.com team to help with monitoring and containment of the situation. Their expertise in blockchain data management and cybersecurity will be of help to our efforts.
  5. We have also started a security check immediately on the other crypto assets under the custody of the Foundation, to make sure no further breach will occur.
  6. We have reported this incident to law enforcement in Singapore.

We will continuously monitor the situation and work diligently with cybersecurity and law enforcement professionals to add more clarity to the situation and mitigate as much as possible.

This is an initial update to inform VET token holders of our current situation. A more detailed account of the event will follow once we gain more clarity.

VeChain Foundation

2019.12.14 00:44 (UTC+8)

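On December 13, 2019, at 8:27 pm Beijing Time, the private key of the VeChain Foundation buyback address was stolen. A timely investigation found that, while creating the buyback address wallet, the staff member carrying out the operation did not strictly follow the internal financial security standard procedure established by the Foundation and, in violation of the rules, used a personal computer to create the wallet, which led to the private key being stolen during a temporary transitional step that should not have existed.

Approximately 1.1 billion VET in the buyback address were all transferred to the following address of the perpetrator: 0xD802A148f38aBa4759879c33E8d04deb00cFB92b. All addresses associated with this address are now publicly listed on vechainstats.com, and all addresses that receive the stolen funds will be updated there in real time.

Within 2 hours of the incident, the VeChain Foundation launched the following emergency plan:

  1. After a rapid review, the security of the VeChainThor mainnet and wallet has not been affected.
  2. We immediately began fully tracing where all funds associated with this address went and cutting off fund transfers; we also contacted the exchanges to freeze any funds coming from this address as well as funds withdrawn from the relevant exchange wallets.
  3. A full investigation found that this incident ultimately occurred because internal finance staff of the VeChain Foundation did not strictly follow the standard financial security procedure established by the Foundation when creating the buyback address, and we deeply apologize for this. In the future, the VeChain Foundation will further strengthen the management and auditing of internal staff in carrying out standard procedures, and will hold the person responsible for this operational error accountable under internal management rules.
  4. The Hacken team is actively assisting the VeChain Foundation in investigating and monitoring all addresses involved in this private key theft; its professional experience in blockchain data management and cybersecurity is helping the Foundation carry out the investigation more quickly and efficiently.
  5. We have carried out a full security check of all other assets of the VeChain Foundation. The other addresses held by the VeChain Foundation are all secure.
  6. We have reported this incident to the Singapore police and are cooperating closely with them in further investigating it.

The VeChain Foundation will continue to follow developments closely and work with technical and legal professionals to seek the safest and most reasonable solution.

This statement is intended to inform VET holders of the situation in a timely manner; we will continue to publish the findings of the investigation once more detailed information is available.

VeChain Foundation

December 14, 2019 00:44 (Beijing Time)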