
Hacker Steals $8.4M Worth of Ethereum from Veritaseum Platform - microwavecamera
https://www.bleepingcomputer.com/news/security/hacker-steals-8-4-million-worth-of-ethereum-from-veritaseum-platform/
======
Axsuul
I have no idea what these guys do. They don't even take the time to explain
it. The fact that these guys can run an ICO and call $8.7 million dollars
miniscule is what's wrong with ICOs today.

This just looks like another run-of-the-mill ICO backed by convoluted,
cryptospeak that one can only pretend they know what they actually intend to
build [2][3]

Even the investors sound sketchy. Why does no one even challenge their
business model? [1]

I'm willing to bet this hack was an inside job.

[1]
[https://bitcointalk.org/index.php?topic=1887061.0](https://bitcointalk.org/index.php?topic=1887061.0)

[2]
[https://drive.google.com/file/d/0By5WJsM3KjltOG](https://drive.google.com/file/d/0By5WJsM3KjltOG)

[3] [http://veritas.veritaseum.com/](http://veritas.veritaseum.com/)

~~~
dsacco
It's surreal. If a legal hammer doesn't come down on ICOs and smart contracts
soon, it's simply going to be rational to either hack other parties' smart
contracts or start ICOs just to get "hacked."

I don't really see a downside right now, aside from ethics. It doesn't seem
like any of the hackers have been prosecuted or even lost the coins. They can
just slowly tumble them and...move on with their lives, newly rich.

I mean I really don't see how this is sustainable. Incentives for not doing
this are rapidly evaporating, which will create systemic instability and erode
confidence in the currency. But in the meantime you can acquire a fortune in
what seems like a pretty straightforward, low risk way.

~~~
Jabanga
I keep bringing up the example of Bitcoin exchanges and wallets. In the first
few years, there were constant hacks and scams (with wallets). Due to the
global nature of Bitcoin, there was no effective way to regulate it, so this
state of affairs continued until consumers and the ecosystem in general
finally became wise, and avoided exchanges unless they met certain conditions
(e.g. backed by reputable parties, used security best practices like cold
storage) and avoided certain categories of wallets altogether (e.g. web
wallets that store consumer coins server side).

~~~
dsacco
I'm willing to accept that your postulate is true (if I understand it
correctly, the thesis is that the market will "mature" and solve these
problems).

But even if that _is_ true, it doesn't diminish the fact that _right now_ the
only thing apparently stopping anyone from becoming rich is ethics, not
effort. Normally in situations where there are few effort penalties but high
ethics penalties for quickly acquiring a fortune, there is a disincentive in
the form of regulation and the judiciary system.

That's not the case here! (If it is, correct me if I'm wrong). For example,
how many of those fraudulent Bitcoin wallets were prosecuted? The salient
example seems to be Mt. Gox, but I feel as though that one was prosecuted
because there wasn't much anonymity available to the founder.

There doesn't seem to be much of a reason to _not_ try to e.g. exploit a
vulnerability in a widely used smart contract. The endgame is millions or tens
of millions of dollars, cleaned through a tumbler and then reported to the
IRS. "Where did this windfall come from?" "I was an early cryptocurrency
investor, I did very well!"

As someone who has done _a lot_ of code review over the years and read more
bug bounty reports than I can count, I can very easily see this becoming the
de facto activity of unscrupulous security researchers until the market
undergoes the improvement you speak of.

I guess to put my point more succinctly: it seems somewhat unprecedented to me
how easy it is to do this and simply get away with it. A commenter on Hacker
News was able to pinpoint the Parity Multisig vulnerability - it's not like it
necessarily required a team of people and 6 months.

~~~
csomar
Somebody stole $800m through the swift network from bangladesh. So, yes, it
happens in the regular world.

~~~
dsacco
To open this comment: I used to own application security at an international
bank. I was responsible for technical penetration testing across the
organization, including code responsible for deposits, withdrawals, C2C
transfers (customer to customer), wire transfers and ACH transfers (as well as
the multifarious authentication mechanisms and APIs interacting with external
verification systems). I was also closely involved in incident response on
more than one occasion, though that was not my particular team.

With that background in mind, I'm going to have to strongly disagree with your
point on two grounds. First - yes, SWIFT was successfully attacked, and $800M
is an egregious amount. But while security vulnerabilities can exist in
essentially any type of software, it is _significantly_ more difficult to _get
away_ with defrauding a banking institution out of seven digits or more. There
is virtually no way to identify a single vulnerability and then exploit it to
rapidly siphon funds out of the institution. If nothing else, the
intermingling of various transfer protocols and identity constraints tends to
make that very difficult.

When I was in that role, we were very frequently targeted. The _only_ way
attackers were ever able to successfully steal money from the bank was by
first achieving identity theft _or_ by compromising existing accounts. Here
there is still an economic caveat - to achieve successful attacks against
banks on the scale of what is currently rampant in Ethereum smart contracts,
you generally need to reliably achieve a certain scale. The attackers tend to
be groups acting in concert, and will actively look for institutions where a
critical mass of accounts can have funds siphoned out of them.

In practice, this most often occurs when there is either 1) a truly egregious
security flaw in the specific institution or 2) a major security breach that
facilitates password cracking en masse against users who have accounts at the
bank and use the same passwords. A good example of #1 would be an online bank
that allows users to bypass the identity/address verification step in the
account opening process (i.e. there may be a vulnerability that allows them to
assign themselves a social security number without verification, skip parts of
the verification process or change it later on). I was very good at making
sure we never had such a serious issue.

That leaves #2, and it's the way that we were almost always attacked in
practice. Password breaches would occur, we'd get a rash of accounts
compromised, and those accounts would attempt transfers out of the system.
Sometimes it was more complex (two types of compromised accounts involving C2C
transfers, etc). We mitigated these through sophisticated rate limiting,
aggressive logging and a lot of incident response. Sometimes it happened often
enough to essentially become a dull background noise for us. But in my ~2 year
tenure, the most I ever recall us losing in any single attack was about
$15,000 (across hundreds of accounts), and I can count on one hand how often
that happened.

So that's my first point, regarding inherently superior (or more charitably,
"mature") security mechanisms. My second point is that a bank and a smart
contract or an ICO aren't really analogous. They are both in the financial
domain, but they have different risk profiles and functions. A smart contract
would be more analogous to a regular contract, and while I am very willing to
concede that smart contracts have theoretical benefits, it is very clear at
the moment that the lack of a legal fallback (for now) is a weakness, _even if
it 's also a strength._ A smart contract and a contract are both
_generalizable_ , whereas a bank would more akin to a specific, constrained
type of legal contract that houses money in exchange for certain privileges.
Smart contracts are inherently more vulnerable than banks because they can be
much more open ended in purpose and execution, without the corresponding legal
oversight that regular contracts have.

An ICO is also not analogous to a bank; as the name implies, it's much more
similar to an IPO. IPOs absolutely _do_ not share the risk profile of ICOs,
and there would be significant legal penalties if an IPO were manipulated in
such a fashion as to cost investors tens of millions of dollars that simply
evaporated due to fraud. No one would take the underwriting bank or the
founding team seriously if they said, "well hey it's not a significant amount
of money that was lost compared to our market capitalization." _NB:_ I'm not
talking about an overvalued IPO dipping in share price, I'm talking about a
significant amount of the invested money literally being stolen from both the
company and the investors with apparently no way to make either of them whole.
The idea of this happening is conceptually beyond the pale for me.

Instead of a smart contract or ICO, a banking institution is more like a
wallet or an exchange. And this brings us full circle to Mt. Gox, which
actually _was_ liable, much like a bank would be. In return for legitimacy and
expanded utility, companies like Coinbase have had to accept an increasing
amount of legal oversight and liability over the years.

------
bhaak
There are no details to this supposed hack and the used attack vector. The
given information is so vague, this is indistinguishable from an exit scam.

I hope they will come forward with more information but Veritaseum has always
looked fishy, about 98% of the tokens are held by one address
[https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722...](https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722b0FF52374?#balances)
and are not in free circulation.

~~~
baraah
With the market cap beeing $360.000.000[0], and only 2% beeing in circulation,
the value of the stolen tokens seems to be higher than the value of all coins
in circulation.

2% of $360,000,000 are $7,200,000 and the hacker stole more than eight
million.

Or did I get this wrong somehow?

[0]
[https://coinmarketcap.com/assets/veritaseum/](https://coinmarketcap.com/assets/veritaseum/)

~~~
mkagenius
2% represent the $360M(market cap, in circulation). 100% is 50 times that,
$18B (total supply), i.e. 100M tokens.

What is stolen is 0.07% of 100M tokens which is 70K tokens, which is roughly
$12M for current market price.

~~~
ConfucianNardin
According to the founder, the amount of stolen tokens is 37k:
[https://bitcointalk.org/index.php?topic=1887061.msg20355530#...](https://bitcointalk.org/index.php?topic=1887061.msg20355530#msg20355530)

That number also matches the number transferred (36,687.9382688909) to this
wallet mentioned in the article:
[https://etherscan.io/address/0x3fff90bf314673194c3a265ed1c0a...](https://etherscan.io/address/0x3fff90bf314673194c3a265ed1c0aa68f59550c4#tokentxns).

Also, according to two other articles (linked from the bitcointalk thread),
cite the value of the stolen as US$4.5M, not US$8.4M:

[http://www.altcointoday.com/ethereum-ico-veritaseum-
suffers-...](http://www.altcointoday.com/ethereum-ico-veritaseum-
suffers-4-5-million-hack/) [http://www.newsbtc.com/2017/07/24/yet-another-
ethereum-ico-g...](http://www.newsbtc.com/2017/07/24/yet-another-ethereum-ico-
gets-hacked-veritaseum-loses-us4-5m/)

Checking market charts around the time it happened (~00-08 July 24th), there's
a significant dip in value, with the price going as low as US$~122:
[https://coinmarketcap.com/assets/veritaseum/#charts](https://coinmarketcap.com/assets/veritaseum/#charts).
At that rate the stolen tokens would be worth US$4.48M.

~~~
mkagenius
Then the 0.07% number was probably wrongly estimated by the founder, that
number would be 0.037% then. He might have missed the 3 before 7. Anyway, that
explains it.

------
huntie
I don't really follow Ethereum, but from headlines on Hacker News I've learned
that

1\. Ethereum is difficult to work with

2\. Its difficulty does not provide security

This doesn't exactly inspire confidence in it.

Some comments on this article imply that this was just a scam, so maybe
Ethereum is secure. I think that a lot of people learn about things they don't
care about via headlines, which may be damaging for Ethereum in its infancy.

~~~
Nekorosu
Development on top of ethereum platform is in it's infancy. SQL injection
attacks were as frequent when web development was young. I haven't checked it
myself but I guess the current API is quite low level and doesn't include
higher level abstractions to prevent this kind of attacks. Also there are no
established development practices regarding security.

~~~
mannykannot
> I guess the current API is quite low level and doesn't include higher level
> abstractions to prevent this kind of attacks.

A fundamental principle of Ethereum is that its smart contracts have Turing-
complete computing power. Therefore, there is no possibility of 'higher level
abstractions' that will permit only legitimate contracts to be written (even
if the abstractions are limited in their power, an attacker can make use of
the full power of the underlying system.)

Writing provably-secure smart contracts is as difficult as writing provably-
secure software for any other Turing-complete platform: i.e. only a small
percentage of developers can do it. Furthermore, the software that comprises
the platform itself has not been stringently verified.

Of course, we are using lots of software in banking and finance that is not
formally verified, but there are significant differences: it runs in secured
environments with controlled and very limited external access, and there are
out-of-band methods for correcting mistakes. In contrast, blockchain
currencies are actually promoted as being immune to this sort of interference
on account of transactions being irrevokable (and no, the hard fork that
rescued the DAO participants is not a counter-example, as that will not be
feasible in future.)

I cannot say these problems will not be resolved in the future, but why would
anyone put any significant value at risk until they are?

~~~
runeks
> Therefore, there is no possibility of 'higher level abstractions' that will
> permit only legitimate contracts to be written (even if the abstractions are
> limited in their power, an attacker can make use of the full power of the
> underlying system.)

High level abstractions and Turing completeness are not in opposition.
Haskell, for example, offers high level abstractions in the form of a
functional language with abstract data types, strong typing and purity (unless
you specify something else explicitly, functions only have access to their
arguments).

I think Safe Haskell would be a good Turing-complete, general purpose contract
language. Untrusted code can be compiled to machine code and executed safely,
by using a restricted IO monad that only allows specific input/output
operations[1], so the contract logic can be executed safely without a sandbox.

[1]
[https://downloads.haskell.org/~ghc/7.4.1/docs/html/users_gui...](https://downloads.haskell.org/~ghc/7.4.1/docs/html/users_guide/safe-
haskell.html)

~~~
mannykannot
I don't know if the abstractions of Safe Haskell, or something like it, will
be sufficient. The link you gave seems to imply that the guarantee of
trustworthiness is restricted to something less than every aspect of the
code's semantics. One problem, as I see it, is that, from a computing point of
view, a fraudulent contract may be indistinguishable from a valid one. You see
this principle in the claim sometimes made that the DAO hack was not theft
because a contract means exactly what its code does, nothing more and nothing
less (that's not a view I hold, of course, or I would not be worrying that
theft is possible.)

------
bhouston
Is anyone making money on Ethereum in ways that are unrelated to just currency
appreciation/speculation?

Is Ethereum actually being used for something meaningful?

(I guess in a way though Ethereum found its first killer app, pure currency
speculation/appreciation. That gives it time and money to find something more
useful.)

~~~
davotoula
A very good question for which the answer was NO for a long time.

Prism is a live service using Ethereum smart contract(s).

It is from the Shapeshift people and is a kind of "digital asset portfolio".
You can invest in many types of digital assets without having to hold them.

People are spending real money on this Ethereum smart contract.

[https://blog.prism.exchange/blog/introducing-prism-the-
world...](https://blog.prism.exchange/blog/introducing-prism-the-worlds-first-
trustless-asset-portfolio-platform/)

~~~
tom_mellior
If I read that correctly, "digital assets" is just a fancy expression for
"other cryptocurrencies". So that does come back to pure cryptocurrency
speculation, except that it's across a range of them, not just Ethereum
itself.

~~~
hn_throwaway_99
Man, this is JUST like the .com v1 bubble: "I'll buy your over-inflated N
billion dollar company using the stock from my over-inflated M billion dollar
company."

------
codewithcheese
"In a post-mortem announcement, Middleton posted online today, the Veritaseum
CEO said "the amount stolen was miniscule (less than 00.07%) although the
dollar amount was quite material."

what... 0.07% was worth $8.7 million. So the market cap is $12,428,571,428?

Looked through most of the website and still have no idea what they do...

~~~
dna_polymerase
The hacker stole their BS coin VERI, so he stole 0.07% of all VERI. I guess he
can't even sell this crap coin anywhere, because why the fuck should anyone
buy Veri now?

~~~
anthonybsd
The hacker turned around and sold stolen VERI right back to the ICO investors,
so he/she got ether back right away.

------
phyushin
Title is also misleading ... They stole veri tokens and sold for eth not
directly stealing any Eth... There was a story here last month that had a
headache line like 'guy buys bit coin as 12$/coin is now worth millions' when
what he actually did was sell those coins and use the money to start a company
which he in turn sold for millions

~~~
danmaz74
Were they really able to sell the stolen VERI for that amount of ETH? That
would be really impressive...

~~~
joshschreuder
Not unless they sold before the news was out. Any mention of a hack is
basically a fast track to flash crash in the cryptocurrency space.

------
Cshelton
So I somewhat follow r/Ethereum and I remember seeing a good number of posts
about Veritaseum... the general consensus is that it is a scam and has been
the target of pump and dump schemes, like many other tokens.

This sure does look like an inside job...surely they reported to whatever
Government crime bureau in their jurisdiction? But given the terms of many of
these sales, there are literally no repercussions if the "company" decides to
just take the money and run. Buyer Beware.

I think if anything, this whole ICO thing, as I've observed, just enlighten me
about what we have consumer protection. It's not so the big corps and such
won't scam people...they don't need to even try, people will time and time
again, fuck themselves over. It's a sad reality. There was even a "Useless
Ethereum Token" that did an ICO and raised something like $50k in a matter of
days. Maybe the internet likes paying for jokes... regardless, I know
countless people are dumping their next months rent on whatever ICO is
happening that day with little regard to anything behind it.

Disclaimer: I do believe in the Ethereum platform and am long in it. I also
hold FunFair tokens, which I believe to be one of the first platforms that
really takes off.

~~~
fil_a_del_fee_a
I am very intrigued by this FunFair technology. Do you know when the next
Token Event will be held? Or how I can get some? I read I can do development
work for FunFair tokens, but don't see any more details.

~~~
Cshelton
They had a one time token offering. But yeah, the demo looks good and the CEO
of it is well known in the gaming community,
[https://en.wikipedia.org/wiki/Jez_San](https://en.wikipedia.org/wiki/Jez_San)

------
zkSNARK
Why don't the ETH people actually put out some decent templates for smart ICO
contracts. It seems nonsensical that their platform is supposedly a "world
computer" designed to enable smart contracts when a vast majority of the
created contracts fail because of being hacked.

I invested in the ETH pre-sale and have done very well from it, but I have
been selling a bit lately because I think someone else will come along with a
system that open sources some really solidly vetted template contracts that
have been thoroughly penetration tested by professionals.

~~~
slackingoff2017
It's not just the templates, Solidity is a terribly designed language. It
reminds me of the original JavaScript before 10+ years of dedicated attempts
to make it usable.

With how many VM's we already have for Java and JavaScript it's idiotic that
ETH designed their own language and eventually they will pay the price. This
will probably be another coin that comes along without an idiotic language/VM

~~~
AYBABTME
fwiw the VM's instruction set seems just fine, the problem entirely lies
within the crap programming languages available at this time. This seems to
all be fixable if someone comes around and designs a language that makes it
harder to shoot yourself in the foot.

~~~
UncleMeat
The VM also has severe problems. Whether or not you are required to check
exceptions at a call site depends on how you call a function, for example. It
also does not have a monotonically increasing time value, since operations are
allowed to manipulate the clock time up to some value.

------
bflesch
This is a youtube video of by one of the founders:
[https://www.youtube.com/watch?v=VbdQ3Q6FQYE](https://www.youtube.com/watch?v=VbdQ3Q6FQYE)

It is linked from the "prospect":
[https://drive.google.com/file/d/0By5WJsM3KjltOGJHYS1HT3Uyczg...](https://drive.google.com/file/d/0By5WJsM3KjltOGJHYS1HT3Uyczg/view)

What kind of fools invest into this?

~~~
untangle
So shocking it's funny – in the same vein that "American Psycho" was funny.
The next step for ICO's will surely be a reality-TV show.

------
FRex
I'm really sorry to be that guy but.. again? Even the article says it's 4th
time this month. What's going on?

~~~
jbmorgado
What's going on is that this is just showing what any sane people already
knew: any kind of commercial transaction must be backed up by actual real life
laws or sooner or later one of the parts gets ripped off.

Nobody can - or I would dare say, likes - to be watching is own back every
single moment or their existence... but that's what crypto in general expects
you to do.

~~~
PretzelPirate
I've been in crypto since early 2013 and I only check my wallet balance when I
need to transfer coins to/from it. I may have opened my wallet 5 times in the
past 4 years. The risk is increased when you don't control your own private
key, if you do, the risk of losing your coins is very small.

------
kovacs_x
Totally.Misleading.Headline!!! :(

Hacker stole $8.4M worth of Veri coins, not Ethereum!!!

------
Oras
>Middleton said that a hacker had somehow managed to steal VERI tokens during
the ICO.

Somehow? they couldn't even figure out how the hack happened? How convincing
for their clients.

------
CoryG89
Anyone have knowledge about this project? Looking at their website, the best I
can tell is it's just a wallet? Looks pretty sketchy to me.

[http://veritas.veritaseum.com](http://veritas.veritaseum.com)

~~~
StreamBright
No HTTPS? Amazing...

~~~
Crosseye_Jack
[https://veritas.veritaseum.com](https://veritas.veritaseum.com) It’s just not
enforced.

~~~
suzzer99
You gotta be kidding me.

~~~
nagyf
Recommended browser plugin: [https://www.eff.org/https-
everywhere](https://www.eff.org/https-everywhere)

~~~
romanovcode
I have this plugin. Does nothing for this website.

------
verytrivial
Oh, those naughty, naughty hackers. Oh, well, bad luck everyone. Do keep
sending money. You'll soon be able to buy this bridge I'm selling.

------
ascendantlogic
"Hacker". On the Ethereum subreddits a lot of people think the CEO is just
cashing out and running.

~~~
Taek
You can tell by how disinterested he seems to be in getting the money back.
Anybody who really lost $8 million would be losing sleep, crying, and doing
absolutely everything they could to get it back. This guy is not some
billionaire, $8 million is a life changing amount for him.

You don't just shrug off losing that kind of money. If I had invested in this
project, I'd be in touch with the FBI.

------
wodenokoto
There seems to be a lot of etherum heist latwly, yet i dont see any shocks in
the valuation of etherum. Does the market at large simply not care?

~~~
CoryG89
It may not be crashing the value, but if we keep seeing hacks sustained at
this frequency, it could slow or halt what might otherwise be continued
growth.

~~~
uncle_d
ETH did not participate in the big spike of BTC back-end of last week and is
now tracking down today.

------
theklub
I've thought about this after seeing a few ICO's. If you want to get super
rich over night just start your own coin. I mean you could put in a legit
effort and really try, still fail and make millions.

------
jpatokal
_the amount stolen was miniscule (less than 00.07%) although the dollar amount
was quite material_

So this ICO has a valuation in the billions? Sounds quite fishy.

------
bradjohnson
I just want to take a second and complain about the twitchy monstrosity that
is the floating nav bar. I scroll up to read text above and it covers up the
text I'm currently reading so I have to scroll up twice and then down once to
get rid of it. It's obnoxious and ugly and I wish it wasn't so popular. /rant

------
mcs_
The compiler should fire warnings to prevent injection like attacks. I
understand solidity is a tool to program what to do with balance... A super
set of rules that (at least) alerts the developers about dangerous operations
will probably become a thing in the future.

------
daddyo
Then the hacker proceeded in dumping the Veritaseum for 50% of market value.

Now if you believe the price will bounce back, you can make a lot of profit on
stolen coins. Immoral? Quite possibly. Against the law? Not this year.

~~~
dullgiulio
I think it should be tested in court. Many ICOs are the textbook depictions of
Ponzi schemes. When there is stealing, possibly self-stealing, involved the
word "fraud" comes to mind.

~~~
daddyo
There are a few problems though.

\- Since Cryptocurrency is international, the US SEC does not have
jurisdiction everywhere in the world. When there is millions on the line, you
could just move to another country and try a scheme, or direct a foreign
lackey to do it.

\- "The Federal Reserve simply does not have authority to supervise or
regulate bitcoin in any way. To the best of my knowledge, there is no
intersection at all in any way between Bitcoin and banks that the Federal
Reserve has the ability to supervise and regulate."

\- To count for an exchange you have to issue shares. Not everybody does this.

\- Is cryptocurrency a token or a security?

\- How to distinguish between nouveau riche BTC millionaires trying out their
luck with an ICO and a criminal organization using it to launder money?

\- Who is the single legal entity to target when the ICOs are distributed, and
no single entity issues coins?

\- What to do with those that profit from future illegal activity, as a 3rd
party? Right now there is a lot of obvious market manipulation going on.
Whales banding together to influence and set prices. Pumping up interest with
bots and 5-cent army trolls. Selling stolen coins for 50% of market value.
Sharing upcoming announcements with a small group of investors, devs, and
supporters, allowing them to speculate on insider knowledge. How do they prove
I must have known about the stolen coins, when the news hasn't even broken yet
and I already put out a buy order of 50% of the price in case of a flash
crash?

------
Leader2light
All these BS coins are going to destroy the entire idea. Not that it will be a
great loss. :)

------
razki
"hack" 100% wasn't stolen just a marketing stunt.

------
computerwizard
Anyone make else make a bunch on scooping up cheap coins on etherdelta then
selling them the next day?

------
Jabanga
[https://www.reddit.com/r/Bitcoin/comments/1giuft/quote_from_...](https://www.reddit.com/r/Bitcoin/comments/1giuft/quote_from_john_lyons_ceo_of_the_international/cakvvom/)

~~~
CoryG89
How is this related?

~~~
Jabanga
It's possible a group like this is the culprit. They have the means and
motive. There were also massive DDOS attacks against BitcoinXT when it was
picking up steam.

------
decentralised
I'm calling shenanigans on this one, there are too many flags even for a
cursory look at this story.

1) there is no code for this project that I was able to find;

2) blogger /personality CEO;

3) no report on the transactions (txHash) that would show the "theft";

4) [https://steemit.com/money/@financialcritic/analysis-of-
the-v...](https://steemit.com/money/@financialcritic/analysis-of-the-
veritaseum-scam)

5) [https://steemit.com/veritaseum/@deobrands/is-veritaseum-a-
sc...](https://steemit.com/veritaseum/@deobrands/is-veritaseum-a-scam)

Finally, and this is subjective but still "feels" odd: The Veritaseum project
is built on top of Bitcoin but it was Ether that was taken? If it was a smart
contract then number 3 on the my list is even more important because we can
replay it as many times as needed until we find the bug or exploit used, if
any.

PS: Ethereum = refers to the project, the network and the foundation name;
Ether = currency issued by the Ethereum network.

