The Velvet Capital team has urged users to avoid connecting their digital wallets to the protocol’s website, citing a potential front-end attack on the website.
Velvet Capital, a decentralized finance (defi) protocol, that works as an asset management dashboard, may have been targeted by hackers who exploited vulnerabilities in the website’s front-end. In an X post on Apr. 23, the team said that the protocol’s website suffered what appears to be a front-end attack, allowing bad actors to exploit vulnerabilities and potentially compromise user data or perform unauthorized actions on the platform.
ATTN: Some of the users experienced an issue while connecting to the app today, please don’t interact with Velvet front-end, we’re closing it for maintenance & investigating the issue.
We will share a post-mortem once the issue is solved.
— Velvet.Capital (@Velvet_Capital) April 23, 2024
You might also like: Binance Labs distances from SkyArk Chronicles’ latest funding round
While specifics regarding the nature of the attack remain unclear, the Velvet team says it has “promptly identified the issue and, together with top security researchers, investigated the malicious activity & the issue is being fixed.” The team also reassured users that the protocol’s smart contracts “are not affected,” emphasizing that the issue occurred on the front-end only. As of press time, users are still adviced not to interact with the website.
Update:
No known users were impacted, if you interacted with Velvet on April 23 after 12:30am UTC and believe you were impacted – please create a ticket on Discord.
The team promptly identified the issue and, together with top security researchers, investigated the malicious…
— Velvet.Capital (@Velvet_Capital) April 23, 2024
A spokesperson for Velvet Capital said in a Telegram post that “no known users were impacted,” adding that those who fell victim to the attack, can create a ticket on the project’s Discord server. However, analysts at a blockchain analytics firm Scam Sniffer argue the opposite, saying “there should be [victims],” although no details were given on the matter as of press time.
Backed by Binance Labs in late 2022, Velvet Capital has become the latest in a series of Binance-backed projects to experience security breaches. This incident comes shortly after the permissionless money market protocol OpenLeverage — which was also backed by Binance Labs — also suffered a hacker attack earlier in April, resulting in a $236,000 loss allegedly caused by an attack funded via Tornado Cash.
Original source: https://cryptonews.net/news/security/28907145/