Velo3D, the metal additive manufacturing company, has had its website compromised with Russian-language spam posts about online casinos.

Update March 8, 2026: This story has been verified. Velo3D has confirmed the breach and is working to remove the malicious posts.

Industrial metal 3D printer manufacturer Velo3D has suffered a cybersecurity incident. On Saturday night, suspicious posts appeared on the company's blog — written entirely in Russian.

What Happened

The posts, titled "Пинко казино отзывы: кому доверять в мире онлайн-игр?" (Pinko Casino Reviews: Who to Trust in the World of Online Gaming?), were clearly not authored by Velo3D's marketing team. The title translates to a promotion for an online casino review site.

A second Russian post about sports betting was also discovered. Both contained links that security researchers are warning users not to click.

How It Was Discovered

The spam was picked up via Velo3D's RSS feed, which automatically distributed the posts to subscribers. This is how Fabbaloo and other outlets became aware of the breach.

What's at Stake

For Velo3D, this isn't just an embarrassment — it's a serious security concern. The company has been rapidly gaining traction in the defense sector, recently securing an $11.5 million production contract with a major U.S. defense prime contractor and becoming the first qualified additive manufacturing vendor for U.S. Army ground vehicles.

Any compromise of their web infrastructure could have implications for customer trust, especially in sensitive defense applications.

What Velo3D Needs to Do

  1. Remove the posts immediately — these are still live as of this writing
  2. Investigate how the attackers gained access — was it a compromised password, vulnerable plugin, or something else?
  3. Full site audit — restore from a known-good backup to ensure no persistent malware remains
  4. Notify customers — if any customer accounts were affected

This incident highlights an uncomfortable truth: even serious industrial technology companies can fall victim to automated web attacks. These robotic attacks run 24/7, scanning for vulnerabilities and injecting content wherever they find an opening.

We'll update this story as more information becomes available.

Disclosure: Some links are affiliate links. We may earn a small commission at no extra cost to you.

Comments (0)

No comments yet. Be the first!

Leave a Comment