Aerodrome Finance, a prominent decentralized exchange on the Base Layer 2 network, experienced a sophisticated front-end attack on November 22, 2025. Attackers hijacked Aerodrome’s primary DNS records, rerouting web traffic from official domains to lookalike phishing sites designed to steal private keys and funds.
The malicious redirect did not compromise the underlying smart contracts, which manage liquidity pools and protocol logic on-chain. However, the phishing pages replicated Aerodrome’s interface to solicit wallet connection and transaction signatures, risking unauthorized token approvals.
Security teams at Aerodrome detected unusual DNS changes late Friday and immediately issued warnings via official social channels. Concurrently, the team posted ENS mirror domains—such as aero.drome.eth.limo—and urged users to avoid aerodrome.finance and aerodrome.box until the attack was remediated.
Incident analysis by blockchain forensics firms indicates the DNS hijack likely exploited vulnerabilities at the domain registrar rather than a direct breach of Aerodrome’s infrastructure. Aerodrome’s support team contacted My.box, the registrar, to investigate potential system exploits. A preliminary report suggests that compromised registrar credentials enabled unauthorized record modifications.
Users are advised to revoke all recent token approvals associated with Aerodrome front-ends using tools like Revoke.cash. Protocol treasuries and liquidity aggregated on-chain remain intact, but individual positions exposed through phishing may have been drained. No significant on-chain fund movements have been confirmed at the time of writing.
The attack follows Aerodrome’s recent announcement of a merger with Velodrome, intended to combine liquidity across Base and Optimism under a unified “Aero” ecosystem. Despite the disruption, the AERO token held steady around $0.67, reflecting confidence in the protocol’s core security.
Aerodrome’s engineering team is deploying updated DNS configurations and multi-factor authentication for registrar access. Post-mortem planning includes decentralized domain solutions and rigorous registrar audits. The incident underscores the critical importance of DNS security in DeFi interfaces and the persistent risk of front-end exploits.
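
An added example, not code from Aerodrome or from this article: a drift check that compares observed DNS answers for a monitored domain against a pinned baseline, the kind of monitoring that surfaces unauthorized record modifications like those described above. The nameserver names, addresses (RFC 5737 test ranges), TTL floor and function names are constructed assumptions.

```python
import ipaddress

# Constructed baseline: pinned nameservers and allowed address ranges (RFC 5737 test nets).
BASELINE = {
    "aerodrome.finance": {
        "NS": {"ns1.dns-host.example", "ns2.dns-host.example"},
        "A_NETS": [ipaddress.ip_network("192.0.2.0/24")],
        "MIN_TTL": 300,  # assumed policy floor; a sudden drop is worth reviewing
    },
}

def parse_records(text):
    """Parse 'name TTL IN TYPE value' lines (dig +noall +answer style)."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # skip comments and malformed lines
        name, ttl, _, rtype, value = parts[:5]
        records.append((name.rstrip(".").lower(), int(ttl), rtype.upper(), value.rstrip(".").lower()))
    return records

def check_drift(records, baseline=BASELINE):
    """Return (severity, name, detail) findings for records that left the baseline."""
    findings = []
    for name, ttl, rtype, value in records:
        pinned = baseline.get(name)
        if pinned is None:
            continue  # not a monitored domain
        if rtype == "NS" and value not in pinned["NS"]:
            findings.append(("critical", name, f"unexpected nameserver {value}"))
        elif rtype == "A":
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in pinned["A_NETS"]):
                findings.append(("critical", name, f"A record {value} outside pinned ranges"))
        if ttl < pinned["MIN_TTL"]:
            findings.append(("warning", name, f"{rtype} TTL {ttl} below {pinned['MIN_TTL']}"))
    return findings

# Constructed observations: one clean snapshot, one after a registrar-level change.
CLEAN = """
aerodrome.finance. 3600 IN NS ns1.dns-host.example.
aerodrome.finance. 300 IN A 192.0.2.10
"""
TAMPERED = """
aerodrome.finance. 3600 IN NS ns1.other-host.example.
aerodrome.finance. 60 IN A 203.0.113.77
"""

if __name__ == "__main__":
    for severity, name, detail in check_drift(parse_records(TAMPERED)):
        print(severity, name, detail)
```

Run from a resolver outside the organization's own network and alert on any critical finding, since a registrar-level change is visible to the public before it is visible internally.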