Velvet Capital, a decentralized finance (DeFi) asset management protocol supported by Binance Labs, has temporarily disabled its website amid apprehensions regarding a possible phishing attempt.
Anomalies in activity on Velvet Capital’s trading platform were noticed on April 23. Visitors to the website were met with requests to authorize wallet access, prompting concerns among users.
Suspicious Activity on Velvet Capital Triggers Phishing Attack Concerns
Recognizing the potential threat, Velvet Capital promptly launched internal investigations and issued a cybersecurity alert advising investors against authorizing wallet connection requests until further notice.
Founder Vasily Nikonov took decisive steps to protect investor funds, announcing the temporary suspension of the Velvet Capital website via Telegram.
“ATTN, please refrain from interacting with the Velvet website; it’s undergoing maintenance while we investigate the issue. We’ll provide a post-mortem once the situation is resolved.”
With concerns for user asset security, Nikonov emphasized the importance of users only engaging with the platform post-maintenance and security updates. The measure aimed to mitigate potential losses for users and thwart cybercriminals’ attempts to access investor funds.
Ongoing Efforts to Resolve the Situation
Nearly two hours after the website went offline, Nikonov reassured users that efforts were actively underway to regain control of the platform and address the security breach.
He stressed the collaborative effort with technical experts and security researchers to pinpoint and resolve vulnerabilities exploited by hackers.
“Rest assured, the smart contracts remain unaffected, and funds on Velvet are secure. We’re investigating the front-end issue encountered by some users this morning and will share findings promptly,” he stated.
Blockchain investigation firms Blockaid and Scam Sniffer corroborated Velvet Capital’s acknowledgment of the website hack. Users who may have unwittingly authorized fraudulent transactions were encouraged to report details to Velvet Capital for remediation.
Despite the disruption, no users had reported financial losses as of the latest update.
Over $200 Million Has Been Lost To Hacks And Rug Pulls In 2024 Alone
In the initial two months of 2024, the Web3 community experienced a turbulent period, grappling with over $200 million in losses attributed to hacks and rug pulls, as per a report by Immunefi, a blockchain cybersecurity platform safeguarding assets valued at over $60 billion.
This substantial sum signifies a notable surge in incidents compared to the corresponding period in 2023, marking a 15.4% increase from $173 million to over $200 million across 32 specific occurrences.
During February alone, Web3 users faced losses exceeding $67 million across 12 distinct incidents, representing a significant decrease from January’s figures, which surpassed $133 million.
Hacks remained the predominant security threat, constituting 97.54% of the total losses in February, with fraud accounting for a mere 2.46%.
Jonah Michaels, Communications Lead at Immunefi, highlighted the concerning trend of private key and wallet compromises, contributing to nearly 30% of the total losses year-to-date. Michaels also cautioned of potentially record-breaking losses in 2024, foreseeing a continuation of the upward trajectory observed since the previous year.