Another Coin Hacked? Sudden $4.5M Transfer at Veritaseum

Swift, high-volume transfers of an occasionally high-riding token called Veritaseum (VERI) have come with a report of a hack at the blockchain startup that issued the coin.

Veritaseum advertises itself as a peer-to-peer investment banking service. It opened a token sale in April, and apparently the sale is ongoing, judging by the big buy button on the company’s website, despite an announcement that it had closed in May.

A veteran user on a bitcointalk forum dedicated to the project posted a screen grab that appeared to be taken from Veritaseum’s Slack channel. In it, a user named reggie.veritas is seen reporting that “A small amount of VERI (but a large $ amount) was stolen this morning.” (Veritaseum’s founder is one Reggie Middleton.) The user posts an Ethereum address and asks for help catching the alleged thief. The amount was reportedly equivalent to about 4.5 million USD.

Update: Veritaseum founder and “disruptor-in-chief,” Reggie Middleton, confirmed the report in an email, writing, “We were hacked, possibly by a group.” The hack, Middleton wrote, “seemed to be very sophisticated”; he also pointed to an unnamed “corporate partner that may have dropped the ball.” He declined to provide details of how the project was hacked, beyond saying it involved “social engineering” and making an assurance that the vulnerability has been closed.

The coin took a dizzying dip in value, before recovering just as quickly to about 10 percent below its 24-hour-ago price. Price data aren’t terribly helpful on VERI, which trades primarily on Etherdelta, a non-matching exchange. While it’s held by 7,654 addresses, according to Etherscan, just one address (presumably the issuer) holds nearly 98 percent of the 10 million tokens issued so far. “The entity holds the bulk of the tokens in reserve for sale to institutional clients,” Middleton wrote in an email.

The purported hack follows a week in which two projects saw millions siphoned off by hackers: First, CoinDash, an Israeli portfolio management startup, saw ether worth 10 million USD in token sale contributions intercepted by a hacker through a fraudulent Ethereum address. Then, Parity, developer of an Ethereum browser, saw ether worth over 30 million USD appropriated through a vulnerability in the code governing a multi-signature wallet it offers.

Veritaseum was the subject of a heated debate on r/ethtrader, a Reddit forum used by Ethereum traders, just a few days ago. It started with a lengthy post poking holes in the project criticizing its technical execution (or lack thereof).

In an email, Middleton responded to the criticism, inviting comparison to other projects’ traction and noting a partnership the project has announced with the Jamaican Stock Exchange.