Cyber Incident Victim: Veritaseum
Date:
Jul 2017
Location:
United States of America
Summary
A sophisticated cyberattack targeted Veritaseum, resulting in the theft of $8.4 million worth of VERI tokens through unauthorized transfers to two addresses. The attacker rapidly liquidated the stolen tokens via the decentralized exchange EtherDelta, capitalizing on existing market demand for the assets. The platform's founder acknowledged the breach's complexity and suggested potential liability by a corporate partner, though no specific entity was named. Despite the material loss, the stolen tokens represented less than 0.07% of total assets, and the organization opted against forking the token to invalidate the theft. The incident underscored the tokens' dependency on the platform's operational support, as their value was tied to ongoing advisory services rather than standalone utility. This breach occurred amid a series of high-profile Ethereum thefts during the same period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 23, 2017, Veritaseum, a platform conducting an Initial Coin Offering (ICO), suffered a breach resulting in the theft of VERI tokens valued at approximately $8.4 million. The attack involved unauthorized transfers of tokens to two distinct blockchain addresses. According to founder Reggie Middleton's analysis, the hackers executed a "very sophisticated" operation, though specific technical details of the intrusion method were not disclosed. Following the theft, the attackers rapidly liquidated the stolen VERI tokens via the decentralized exchange EtherDelta, converting them into Ethereum cryptocurrency. Middleton noted the incident demonstrated unexpected market resilience, as demand absorbed the sudden token dump without prior public awareness of Veritaseum's recent traction. The breach investigation remained ongoing at the time of reporting, with Middleton suggesting potential liability from an unnamed corporate partner. No system remediation details or forensic findings were provided in available sources.
Veritaseum's leadership publicly acknowledged the breach but opted against recovering assets through blockchain forks, citing the stolen amount's relative insignificance (0.07% of total tokens) despite its substantial dollar value. Middleton emphasized that VERI tokens derived value solely from Veritaseum's ongoing support, asserting stolen tokens would become "literally worthless" without team endorsement and that replacement tokens could be issued under new contracts. The incident occurred amidst multiple high-profile Ethereum breaches that week, including a $7 million theft from CoinDash's ICO on July 17 and Parity Technologies' $32 million multisignature wallet exploit on July 20. These parallel incidents highlighted systemic vulnerabilities in Ethereum-based projects during mid-2017, though Veritaseum's breach specifically involved token theft rather than direct Ethereum extraction from wallets. No victim compensation plans or law enforcement actions were detailed in available reports.