Binance Labs-backed Velvet Capital forced offline to prevent phishing attack


Decentralized finance (DeFi) asset management protocol Velvet Capital was forced to deactivate its website temporarily to prevent a major phishing attempt. 

Crypto community members on X reported unusual activity on Velvet Capital’s trading platform on April 23. Users trying to connect to the front-end were prompted to approve their wallet access to the protocol.

Internal investigations led Velvet Capital to issue a cybersecurity alert, advising investors to deny all wallet connect requests from the application until further notice.

Velvet Capital issues alert against a possible website compromise. Source: Velvet Capital

Investors who might have approved the fraudulent request need to revoke wallet access to the protocol to avoid any loss of funds. In addition, Velvet Capital deactivated the application to minimize any further losses for investors.

Velvet Capital takes down comprimized website for further investigation. Source:

Velvet Capital founder Vasily Nikonov announced the website closure on Telegram:

“ATTN, don’t interact with the Velvet website, we’re closing it for maintenance and investigating the issue, we will issue a post-mortem once the issue is solved.”

Nearly two hours after the website closed down, Nikonov said he was working with the tech team and security researchers to regain control of the website from hackers.

Source: Velvet Capital

Blockchain investigation firms Blockaid and Scam Sniffer had confirmed the website hack before Velvet Capital’s official announcement about the breach. Users who confirmed any transactions on Velvet Capital since April 23, 5:39 am UTC may be victims of the cybercrime.

Nikonov advised such users to open a ticket on Discord and share the transaction details with the Velvet Capital team for remediation. He added:

“Rest assured that the smart contracts are not impacted and funds on Velvet are not affected, we’re investigating the front-end issue that some of the users faced this morning and will share the results asap.”

Nikonov highlighted that no users reported losses as of 6:50 am UTC.

Related: How to revoke smart contract access to your cryptocurrency

DeFi protocols Aerodrome and Velodrome suffered similar front-end hacks on Nov. 28, 2023. The two platforms posted announcements on X stating their front ends were compromised and asked users not to interact with the platforms while investigations were underway.

Source: Aerodrome

According to blockchain investigator ZachXBT, the attackers managed to get away with roughly $40,000 worth of crypto assets at the time.

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis