Velvet Capital, a decentralized finance (DeFi) asset management protocol backed by Binance Labs, has been forced to temporarily deactivate its website following concerns over a potential phishing attack.
Reports of abnormal behavior on Velvet Capital’s trading platform surfaced on April 23. Upon attempting to connect to the website, users encountered prompts to authorize wallet access.
Suspicious Activity on Velvet Capital Triggers Phishing Attack Concerns
Recognizing the potential threat, Velvet Capital swiftly initiated internal investigations and issued a cybersecurity alert advising investors to refrain from approving wallet connection requests until further notice.
Founder Vasily Nikonov took decisive action to safeguard investor funds, announcing the temporary closure of the Velvet Capital website on Telegram.
“ATTN, don’t interact with the Velvet website; we’re closing it for maintenance and investigating the issue, We will issue a post-mortem once the issue is solved.”
Concerned about the security of user assets, Nikonov urged investors to interact with the platform only after maintenance and security measures had been completed. The move aimed to minimize potential user losses and prevent cybercriminals from accessing investor funds.
Ongoing Efforts to Resolve the Situation
Almost two hours after the website was offline, Nikonov reassured users that efforts were underway to regain control of the platform and address the security breach.
ATTN: Some of the users experienced an issue while connecting to the app today, please don’t interact with Velvet front-end, we’re closing it for maintenance & investigating the issue.
We will share a post-mortem once the issue is solved.
— Velvet.Capital (@Velvet_Capital) April 23, 2024
He emphasized collaboration with technical experts and security researchers to identify and rectify vulnerabilities exploited by hackers.
“Rest assured that the smart contracts are not impacted and funds on Velvet are not affected, we’re investigating the front-end issue that some of the users faced this morning and will share the results asap”, he said.
Blockchain investigation firms Blockaid and Scam Sniffer corroborated Velvet Capital’s acknowledgment of the website hack. Users who may have unwittingly approved fraudulent transactions during the incident were urged to report the details to Velvet Capital for remediation.
Despite the disruption, no users had reported financial losses as of the latest update.
Over $200 Million Has Been Lost To Hacks And Rug Pulls In 2024 Alone.
In the first two months of 2024, the Web3 space has been rocked by over $200 million in losses due to hacks and rug pulls, according to a report by Immunefi, a blockchain cybersecurity platform safeguarding assets exceeding $60 billion.
This staggering sum reflects a significant uptick in incidents compared to the same period in 2023, witnessing a 15.4% increase from $173 Million to over $200 Million across 32 specific incidents.
In February alone, Web3 users suffered losses of over $67 Million across 12 specific incidents, a notable decrease from January’s figures of over $133 Million.
Hacks continued to dominate as a significant security concern, accounting for 97.54% of the total losses in February, while fraud constituted a mere 2.46%.
Jonah Michaels, Communications Lead at Immunefi, emphasized the alarming trend of private key and wallet compromises contributing to nearly 30% of the total losses year-to-date. Michaels also warned of potentially record-breaking losses in 2024, anticipating a continuation of the rising trend observed since the previous year.