Velvet Capital, a decentralized finance (DeFi) asset management protocol that has received support from Binance Labs, is currently facing temporary downtime as a precautionary measure against a possible phishing attack.
On April 23, reports emerged about unusual activity on the Velvet Capital trading platform. Users who attempted to access the website were prompted to authorize wallet access, raising concerns about potential phishing attacks.
In response to this potential threat, Velvet Capital immediately launched internal investigations and issued a cybersecurity alert advising investors not to approve any wallet connection requests until further notice.
Founder Vasily Nikonov took decisive action to protect investor funds by temporarily shutting down the Velvet Capital website. Nikonov urged investors to only interact with the platform once maintenance and security measures were in place. This proactive approach aimed to minimize potential losses and prevent cybercriminals from gaining access to investor funds.
Efforts are currently underway to regain control of the platform and address the security breach. Nikonov emphasized the collaboration with technical experts and security researchers to identify and fix vulnerabilities exploited by hackers. He reassured users that the smart contracts and funds on Velvet Capital were not affected by the incident.
Blockchain investigation firms Blockaid and Scam Sniffer validated Velvet Capital’s acknowledgement of the website hack. Users who may have unknowingly approved fraudulent transactions during the incident were encouraged to report the details to Velvet Capital for resolution. As of now, no users have reported any financial losses resulting from the incident.
In 2024 alone, the Web3 space has suffered losses of over $200 million due to hacks and rug pulls. This data comes from a report by Immunefi, a blockchain cybersecurity platform that safeguards assets exceeding $60 billion. These figures indicate a significant increase in incidents compared to the same period in 2023, with a 15.4% rise from $173 million to over $200 million across 32 specific incidents.
During February, Web3 users experienced losses of over $67 million across 12 specific incidents, a notable decrease from January’s figures of over $133 million. Hacks remained the primary security concern, accounting for 97.54% of the total losses in February, while fraud accounted for only 2.46%.
Jonah Michaels, Communications Lead at Immunefi, highlighted the alarming trend of private key and wallet compromises contributing to nearly 30% of the total losses this year. Michaels also warned of potentially record-breaking losses in 2024, anticipating a continuation of the upward trend seen in the previous year.