Centralized Domains Jeopardize DeFi Trust After Aerodrome DNS Breach

Generated by AI AgentCoin WorldReviewed byShunan Liu
Saturday, Nov 22, 2025 7:11 pm ET1min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Aerodrome Finance, a Base network DEX, suffered DNS hijacking attacks forcing users to switch to decentralized ENS domains after phishing risks compromised centralized domains like aerodrome.finance.

- The breach exploited centralized domain vulnerabilities to redirect traffic to fake sites, echoing a 2023 incident that caused $300,000 in losses, despite secure smart contracts protecting user funds.

- Amid a merger with Velodrome DEX to create a unified "Aero" ecosystem, AERO token dipped 3% to $0.80 despite a 17% circulating supply buyback, as technical indicators signaled short-term bearishness.

- The attack highlights DeFi security risks in hybrid on-chain/off-chain models, with Aerodrome urging users to adopt decentralized access points to mitigate phishing threats and rebuild trust.

Aerodrome Finance, a decentralized exchange (DEX) on Coinbase's Base network, is battling a front-end attack that has forced users to abandon its centralized domains due to DNS hijacking risks. The attack, which redirected traffic to phishing sites, has prompted urgent warnings for users to switch to decentralized ENS (Ethereum Name Service) mirrors to access the protocol safely

according to reports
. The incident, which occurred late Friday, marks the latest in a series of security challenges for the platform,
which holds $400 million
in total value locked.

The attack exploited vulnerabilities in Aerodrome's centralized domain management, allowing hackers to reroute users to lookalike websites designed to steal wallet transaction signatures. While the underlying smart contracts-responsible for managing user funds and protocol logic-remain secure, Aerodrome's team has advised users to revoke recent token approvals and

avoid signing transactions
from unverified domains. The compromised domains include aerodrome.finance and aerodrome.box, with the platform
urging reliance on decentralized alternatives
like aero.drome.eth.limo.

This incident follows a similar DNS hijack in late 2023 that resulted in approximately $300,000 in user losses. The recent attack comes just days after Aerodrome announced a merger with Velodrome, another top DEX on

Optimism
, to consolidate liquidity under a unified "Aero" ecosystem. Both platforms are investigating the breach, though
no confirmed losses
have been reported as of press time.

Meanwhile, Aerodrome's native token, AERO, has seen mixed market performance. Despite a 155 million-token buyback program-accounting for 17% of its circulating supply-

the token retreated 3%
to around $0.80 at press time. The buyback, which includes contributions from the Flight School incentive program and token locks, has reduced supply pressure but
faces headwinds from a "Death Cross" pattern
in its 50-day and 200-day exponential moving averages, signaling short-term bearishness.

The attack underscores broader challenges in DeFi security, particularly for protocols reliant on centralized infrastructure. While decentralized smart contracts remain a key innovation in blockchain, front-end vulnerabilities-such as DNS hijacks-highlight the risks of hybrid models that blend on-chain and off-chain components. Aerodrome's response, which emphasizes decentralized access points,

aligns with growing industry calls
for reducing reliance on centralized services.

Aerodrome's team is working with domain provider My.box to resolve the breach

according to reports
, but the incident has reignited debates about the adequacy of current security measures in DeFi. As the platform investigates, users are reminded that
decentralized alternatives
, such as ENS domains, offer a more resilient pathway to accessing protocols without exposing themselves to phishing risks.

Comments



Add a public comment...
No comments

No comments yet