Velvet Capital, a decentralized finance (DeFi) platform backed by Binance Labs, urged users to exercise caution after detecting a potential phishing attack targeting its website.
On April 23rd, the Velvet Capital team issued a security alert, advising users to refrain from connecting their digital wallets to the platform’s website.
This precautionary measure stemmed from concerns about a vulnerability in the website’s front end, the user-facing interface.
Malicious actors might have exploited this chink in the armour to steal user data or execute unauthorized actions within the platform.
Details of the attack remain under wraps, but the Velvet Capital team assures users that the core functionality of the platform – the smart contracts – remains secure.
They haven’t identified any compromised user accounts at the time of this writing. However, users are still recommended to avoid interacting with the website until a fix is implemented.
While the extent of the attack is unclear, some security experts believe there might be affected users.
A spokesperson for Velvet Capital, in a Telegram post, stated that users who suspect they might be victims can report the incident through a ticketing system on the project’s Discord server.
This contradicts the claims of a blockchain security firm, Scam Sniffer, who believe there “should be” victims, though they haven’t provided any concrete evidence to support this claim.
This incident adds to the growing list of security concerns surrounding Binance-backed projects.
Just earlier in April, OpenLeverage, another DeFi protocol under Binance Labs’ umbrella, fell prey to a hacker attack that resulted in a loss of $236,000, allegedly facilitated by the Tornado Cash anonymity service.