Decentralized finance (DeFi) asset management protocol Velvet Capital had to temporarily disable its website to prevent a major phishing attempt. Members of the crypto community on X reported unusual activity on Velvet Capital’s trading platform on April 23. Users attempting to connect to the front end were asked to confirm their wallet access to the protocol.
What’s Happening at Velvet Capital?
The incident led to Velvet Capital issuing a cybersecurity alert and advising investors to reject all wallet connection requests from the application until the next announcement.
Investors who may have confirmed the fraudulent request need to cancel the wallet’s access to the protocol to prevent any loss of funds. Additionally, Velvet Capital disabled the application to prevent further damage to investors.
Velvet Capital‘s founder Vasily Nikonov announced the website shutdown via Telegram with the following words:
“ATTN, do not interact with the Velvet website, we are closing it for maintenance and investigating the issue, we will publish a report once the problem is resolved.”
About two hours after the website shutdown, Nikonov stated that he was working with the technical team and security researchers to regain control of the website from hackers.
Key Details on the Issue
Blockchain research firms Blockaid and Scam Sniffer confirmed that Velvet Capital’s website was hacked before the official announcement of the breach. Users who approved any transactions on Velvet Capital since 08:30 on April 23 could be victims of cybercrime.
Nikonov advised such users to open a support ticket on Discord and share transaction details with the Velvet Capital team for resolution, sharing these words:
“You can be assured that the smart contracts were not affected and funds at Velvet remain unaffected. We are investigating the front-end issue some users encountered this morning and will share the results as soon as possible.”
By 09:50, Nikonov emphasized that no users had reported any losses. DeFi protocols Aerodrome and Velodrome faced similar front-end attacks on November 28, 2023. Both platforms announced on X that their front-ends were compromised and asked users to avoid interacting with the platforms while investigations continued. According to blockchain researcher ZachXBT, attackers managed to seize about $40,000 worth of crypto assets at that time.
