Binance-backed defi protocol Velvet Capital suffers front-end attack

The Velvet Capital team has urged users to avoid connecting their digital wallets to the protocol’s website, citing a potential front-end attack on the website.

Velvet Capital, a decentralized finance (defi) protocol, that works as an asset management dashboard, may have been targeted by hackers who exploited vulnerabilities in the website’s front-end. In an X post on Apr. 23, the team said that the protocol’s website suffered what appears to be a front-end attack, allowing bad actors to exploit vulnerabilities and potentially compromise user data or perform unauthorized actions on the platform.

While specifics regarding the nature of the attack remain unclear, the Velvet team says it has “promptly identified the issue and, together with top security researchers, investigated the malicious activity & the issue is being fixed.” The team also reassured users that the protocol’s smart contracts “are not affected,” emphasizing that the issue occurred on the front-end only. As of press time, users are still adviced not to interact with the website.

A spokesperson for Velvet Capital said in a Telegram post that “no known users were impacted,” adding that those who fell victim to the attack, can create a ticket on the project’s Discord server. However, analysts at a blockchain analytics firm Scam Sniffer argue the opposite, saying “there should be [victims],” although no details were given on the matter as of press time.

Backed by Binance Labs in late 2022, Velvet Capital has become the latest in a series of Binance-backed projects to experience security breaches. This incident comes shortly after the permissionless money market protocol OpenLeverage — which was also backed by Binance Labs — also suffered a hacker attack earlier in April, resulting in a $236,000 loss allegedly caused by an attack funded via Tornado Cash.

Read more: Binance Labs-backed MobileCoin faces delisting from Binance