Velvet Capital, a decentralized finance (DeFi) asset management protocol, took proactive measures by temporarily deactivating its website to thwart a potential phishing attempt. The decision came after reports of unusual activity on Velvet Capital’s trading platform surfaced within the crypto community on April 23.
Concerns arose when some users attempting to access the platform’s front-end were prompted to approve wallet access to the protocol. Upon internal investigation, Velvet Capital issued a cybersecurity alert, urging investors to refrain from approving any wallet connect requests until further notice.
ATTN: Some of the users experienced an issue while connecting to the app today, please don't interact with Velvet front-end, we're closing it for maintenance & investigating the issue.
We will share a post-mortem once the issue is solved.
— Velvet.Capital (@Velvet_Capital) April 23, 2024
Founder Vasily Nikonov communicated the website closure via Telegram, advising users not to interact with the Velvet website during the maintenance period. Nikonov assured affected users that their funds were secure, emphasizing that only the front-end was under scrutiny.
Affected individuals were encouraged to open a ticket on Discord and provide transaction details to the Velvet Capital team for remediation. Despite the disruption, Nikonov assured users that the incident did not impact the smart contracts or result in any loss of funds.
“Rest assured that the smart contracts are not impacted and funds on Velvet are not affected, we’re investigating the front-end issue that some of the users faced this morning and will share the results asap.”
Blockchain investigation firms Blockaid and Scam Sniffer corroborated the incident before Velvet Capital’s official announcement. Following thorough investigation and implementation of additional security measures, the website was reinstated without any reported fund losses.