Ethereum News Today: Centralized DNS Breach Exposes DeFi's Vulnerability: Aerodrome Loses $1M
Aime SummaryAerodrome Finance, the leading decentralized exchange (DEX) on Coinbase's Base network, is investigating a suspected DNS hijacking attack that compromised its centralized domains, prompting urgent warnings for users to avoid accessing its primary websites. The incident, which occurred on November 22, 2025, involved attackers rerouting users to phishing sites designed to trick them into signing malicious transactions, according to reports from multiple sources and according to reports from multiple sources. The protocol emphasized that all smart contracts remain secure, but users were advised to use decentralized Ethereum Name ServiceENS-- (ENS) mirrors to access the platform according to reports from multiple sources.
The attack exploited vulnerabilities in Aerodrome's centralized domain registrar, Box Domains, allowing hackers to take control of the .finance and .box domains. Affected users reported encountering deceptive interfaces that initiated signature requests followed by aggressive prompts to approve unlimited access to assets such as NFTs, ETH, and USDCUSDC--. One user described a two-stage attack where a seemingly innocuous signature request was immediately followed by mass approval prompts, potentially draining wallets if users failed to notice the changes. Early estimates suggest over $1 million was siphoned from compromised accounts within an hour, though the full extent of losses remains unclear.
Aerodrome's response included shutting down access to affected domains and directing users to decentralized mirrors like aero.drome.eth.limo and aero.drome.eth.link. The team also urged users to revoke recent token approvals using tools like Revoke.cash to mitigate risks. This marks the second major front-end breach for Aerodrome in 2025, following similar incidents in late 2023 that resulted in over $300,000 in user losses. The attack occurred just days after Aerodrome announced a merger with Velodrome, a competing DEX on OptimismOP--, to form a cross-chain ecosystem called "Aero". Despite the disruption, the AERO token price remained stable, trading near $0.67 with a 2% gain over 24 hours.
The incident highlights ongoing challenges in DeFi security, where front-end vulnerabilities-unlike on-chain smart contract exploits-can be exploited without breaching core protocol infrastructure. Aerodrome's co-founder, Alexander Cutler, defended the project's response, noting that ENS-based domains and multisig-controlled DNS infrastructure were unaffected and that top security teams were involved in the investigation. Meanwhile, the breach underscores the risks of relying on centralized DNS providers, a common practice in the DeFi space despite the sector's emphasis on decentralization.
Aerodrome's team is collaborating with Box Domains to resolve the issue and has called for urgent support to address the vulnerability. The attack comes amid a broader decline in crypto hack losses, with October 2025 recording the lowest monthly losses of the year at $18.18 million-a stark drop from September's $127 million. However, experts warn that attackers are becoming more sophisticated, with rapid asset drainage and stealth recovery efforts complicating response strategies.
As the investigation continues, Aerodrome and Velodrome have reiterated that liquidity pools and protocol reserves remain intact, urging users to stay vigilant and avoid unverified domains until further updates are provided.
Comprender rápidamente la historia y el origen de diversas monedas conocidas
Latest Articles
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet