AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
Ethereum News Today: Centralized DNS Breach Exposes DeFi's Vulnerability: Aerodrome Loses $1M
Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Sunday, Nov 23, 2025 2:03 am ET2min read
AI Podcast:Your News, Now Playing
Aime SummaryAerodrome Finance, the leading decentralized exchange (DEX) on Coinbase's Base network, is investigating a suspected DNS hijacking attack that compromised its centralized domains, prompting urgent warnings for users to avoid accessing its primary websites. The incident, which occurred on November 22, 2025, involved attackers rerouting users to phishing sites designed to trick them into signing malicious transactions,
and . The protocol emphasized that all smart contracts remain secure, but users were advised to use decentralized (ENS) mirrors to access the platform .The attack exploited vulnerabilities in Aerodrome's centralized domain registrar, Box Domains, allowing hackers to take control of the .finance and .box domains. Affected users reported encountering deceptive interfaces that
to approve unlimited access to assets such as NFTs, ETH, and . One user described a two-stage attack where a seemingly innocuous signature request was immediately followed by mass approval prompts, the changes. Early estimates suggest over $1 million was siphoned from compromised accounts within an hour, though .Aerodrome's response included shutting down access to affected domains and
and aero.drome.eth.link. The team also using tools like Revoke.cash to mitigate risks. This marks the second major front-end breach for Aerodrome in 2025, that resulted in over $300,000 in user losses. The attack occurred just days after Aerodrome announced a merger with Velodrome, a competing DEX on , to form a cross-chain ecosystem called "Aero". Despite the disruption, the AERO token price remained stable, over 24 hours.The incident highlights ongoing challenges in DeFi security, where front-end vulnerabilities-unlike on-chain smart contract exploits-can be exploited without breaching core protocol infrastructure.
the project's response, noting that ENS-based domains and multisig-controlled DNS infrastructure were unaffected and that top security teams were involved in the investigation. Meanwhile, of relying on centralized DNS providers, a common practice in the DeFi space despite the sector's emphasis on decentralization.
Aerodrome's team is
to resolve the issue and has called for urgent support to address the vulnerability. in crypto hack losses, with October 2025 recording the lowest monthly losses of the year at $18.18 million-a stark drop from September's $127 million. However, experts warn that attackers are becoming more sophisticated, efforts complicating response strategies.As the investigation continues,
that liquidity pools and protocol reserves remain intact, urging users to stay vigilant and avoid unverified domains until further updates are provided.
Coin World
Quickly understand the history and background of various well-known coins
Latest Articles
XRP News Today: Vanguard Shifts Stance on Crypto ETFs, Citing Matured Markets and Demand
Dec.02 2025
Alphabet's AI Ecosystem Fuels Flywheel Growth, Propelling Stock 68% in 2025
Dec.02 2025
Striking Baristas Secure $38.9M in Restitution, But Contract Battles Brew On
Dec.02 2025
Bitcoin News Today: Bitcoin's RSI Signals Cyclical Reset as Market Waits for Fed's Decisive Move
Dec.02 2025
Corporate Strategies Test Balance Between Growth and Sustainability
Dec.02 2025
Ainvest News articles are AI-generated using advanced large language model (LLM) technology designed to analyze and synthesize publicly available data and news. While AI tools assist in producing initial drafts and insights, all AI generated content published on Ainvest is subject to comprehensive human editorial review before publication. A designated human editor reviews, verifies, and approves each article for factual accuracy, coherence, and compliance with AInvest Fintech Inc’s editorial and disclosure standards.
Despite these review procedures, the information provided may still contain inaccuracies, incomplete data, or time sensitive references due to the inherent limitations of AI generated analysis and evolving changes. The material is provided strictly for informational and educational purposes and does not constitute personalized investment, legal, or financial advice. Readers should independently verify all facts, figures, and statements before making any decision based on this content.
AInvest Fintech Inc. its affiliates, and partners accept no liability or responsibility for any direct or consequential losses arising from reliance on this content. All articles and analyses are subject to revision, update, or removal without prior notice to maintain accuracy and integrity in our publications.
Comments
No comments yet