- Binance Labs-backed Velvet Capital was forced to take its website offline to prevent a phishing attack
- The founder, Vasily Nikonov, advised users who confirmed transactions on the platform since April 23 at 5:39 am UTC to open a ticket on Discord and share transaction details for remediation
- Nikonov stated that the smart contracts were not impacted and funds on Velvet Capital were not affected, but the front-end issue was being investigated
Velvet Capital, a decentralized finance (DeFi) asset management protocol backed by Binance Labs, was recently forced to deactivate its website to stop a major phishing attempt.
Discovery of the Attack
On April 23rd, crypto community members on Twitter reported seeing unusual activity on Velvet Capital’s trading platform. Users trying to connect to the front-end were being prompted to approve wallet access to the protocol.
After internal investigations, Velvet Capital issued a cybersecurity alert advising investors to deny all wallet connect requests from the application until further notice.
Blockchain investigation firms Blockaid and Scam Sniffer confirmed the website had been hacked before Velvet Capital’s official announcement about the breach. Users who confirmed any transactions on Velvet Capital since April 23rd at 5:39 am UTC may be victims of the cybercrime.
Response and Investigation
Velvet Capital founder Vasily Nikonov announced on Telegram that the website was being closed for maintenance and investigation into the issue.
Nearly two hours after the website was closed, Nikonov said he was working with the tech team and security researchers to regain control of the website from the hackers.
Nikonov advised affected users to open a ticket on Discord and share transaction details with the Velvet Capital team for remediation. He assured that the smart contracts were not impacted and funds on Velvet were not affected.
Nikonov highlighted that no users had reported losses as of 6:50 am UTC.
Previous Similar Incidents
The Velvet Capital hack is similar to front-end hacks suffered by other DeFi protocols like Aerodrome and Velodrome on Nov. 28, 2022. The two platforms had also asked users not to interact with them while investigations were underway.
According to blockchain investigator ZachXBT, the attackers in those cases managed to get away with roughly $40,000 worth of crypto assets.
Conclusion
The quick reaction by the Velvet Capital team contained the damage from the phishing attack on their platform. While the front-end was compromised, their smart contracts and user funds remain secure. The investigation continues into regaining full control of the website.
