Thieves Hit the Vape Truck, Steal $1 Million Worth of E-Cigs

A digital hack is believed to have recently led to a physical hijacking. A group of cybercriminals reportedly gained access to a logistics company’s systems and used it to identify planned shipments, then preempted at least one of those deliveries to make off with about $1.4 million worth of vapes.

The whole situation started when a shipping firm called Nolan Transport Group got hit by hackers, who were able to see messages about upcoming transactions the company was set to be involved with. Armed with that information, they reportedly targeted Fifty Bar, a company that makes flavored smoking products, vapes, and e-cigarettes.

The California-based company had a shipment scheduled to go out on a Saturday, only for it to be abruptly rescheduled after their usual driver stopped responding to messages, per Bloomberg. The new driver showed up on Monday with a receipt for the shipment, which was verification enough that things were on the level. The truck full of 78,000 vapes was supposed to be destined for Austin, Texas, but it never arrived. In fact, the Austin-based firm never even heard from the delivery driver.

They did hear from someone, though: an unknown seller out of New York City who, according to Bloomberg, was offering a stock of product extremely similar to the one that never arrived, except at a lower price. Despite piecing together how the hijacking happened, the company still apparently has no leads on who has its goods, and is now worried that its products will flood into states via dark markets rather than the above-board method that it has built its business on.

The vape makers aren’t the only ones who have seen their shipments go up in smoke. The National Insurance Crime Bureau recently reported that cargo theft losses increased by 27% in 2024 and are predicted to rise by about 22% in 2025. A not-insignificant driver of that increase seems to be hacks. In November, security firm Proofpoint published a report on how cybercriminals have started to target cargo firms, ultimately making off with millions of physical goods.

Proofpoint’s research identified at least three groups carrying out attacks like this, who it believes likely sell the stolen goods online or overseas. In the last two months, there has been an uptick in these attacks, with at least 20 campaigns documented. So if your Christmas presents go missing this year, know that it’s probably not the Grinch who is to blame.