- Velvet Capital has flagged a potential attack on its website.
- The protocol took a drastic measure to mitigate the incident.
- Some users could have been affected by the incident.
Binance-backed DeFi protocol Velvet Capital was compelled to take drastic action on Monday, shutting down its website in response to a highly concerning phishing attack on the front end.
The incident occurred just as the asset management protocol was reinforcing its security measures to safeguard users against crypto-fashioned attacks. On April 22, Velvet Capital proactively released its custom bloXroute Protect RPC, a robust tool designed to shield users from MEV Frontrunning and Sandwich Attacks.
Velvet Capital Security Breach
Barely a day after touting the new security tool, Velvet Capital seemingly suffered a breach on its website, potentially endangering user funds. On April 23, X (Twitter) crypto community members reported unusual activity on the protocolโs website, prompting them to approve their wallet access when connecting to the front end.
Sponsored
Following the reports, the Velvet Capital team sprung into action, issuing an โurgent security alert โon Telegram.
โA security concern has emerged with the Velvet Capital website, suspected to have been compromised. Users are urgently advised not to connect their digital wallets ๐ซ๐ผ or make transactions until further notice. The development team is actively investigating the situation ๐ต๏ธโโ๏ธ๐ and working on security measures.โ
Moments after the alert, Velvet Capital founder Vasily Nikonov announced the website shut down and urged users to avoid interactions with the front end. While the Velvet team promised to issue a post-mortem once the issue is solved, some users could have already lost funds.
Potential Loss of User Funds
According to Nikonov, users who approved any transactions on Velvet Capital since April 23, 5:39 a.m. UTC, could have been victims of the cyberattack.
Reiterating that โthe smart contracts are not impacted and funds on Velvet are not affected,โ Nikonov advised users who had confirmed transactions during the above period to open a ticket on Discord and share more details with the Velvet Capital team for remediation.
As of press time, the protocol has yet to issue any further update on the matter.
Read about Thailandโs solution to crypto-fueled cybercrime:
Thailand SEC Tightens Crypto Crackdown to Target Cybercrime
Stay updated on the phishing ads that recently targeted Etherscan users:
Crypto Scammers Target Etherscan Users with Massive Phishing Ads