Ethereum News Today: Centralized DNS Flaw Undermines DeFi Security in Major DEX Breach

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Saturday, Nov 22, 2025 2:04 pm ET1min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Aerodrome and Velodrome DEXs suffered DNS hijacking attacks, redirecting users to phishing sites via centralized domain vulnerabilities.

- Attackers exploited compromised domains to trick users into signing malicious transactions, mirroring a 2023 incident that caused $300,000+ losses.

- Platforms urged users to revoke token approvals and use ENS mirrors, emphasizing secure smart contracts but highlighting DeFi's front-end risks.

- The breach occurred days after Aerodrome's planned merger with Velodrome, underscoring domain security gaps in decentralized finance infrastructure.

Aerodrome Finance, the leading decentralized exchange (DEX) on

Ethereum
Layer 2 network Base, and Velodrome, its counterpart on
Optimism
,
suffered a front-end compromise
early Saturday, prompting urgent warnings for users to avoid their primary domains and use decentralized mirrors. The incident,
attributed to a DNS hijacking attack
, allowed attackers to reroute traffic to phishing sites designed to trick users into signing malicious transactions. Both platforms emphasized that their underlying smart contracts remain secure, but users are advised to revoke recent token approvals and avoid unverified domains
according to the report
.

The attack mirrors a similar incident in late 2023, when Aerodrome and Velodrome's front-ends were compromised,

resulting in over $300,000 in user losses
. This latest breach occurred just days after Aerodrome
announced plans to merge with Velodrome
under the unified "Aero" ecosystem, aiming to consolidate liquidity across Base and Optimism. Despite the disruption, the AERO token's price
remained stable
, trading at approximately $0.67, a 2% increase over the prior 24 hours.

The DNS hijacking exploited vulnerabilities in centralized domain providers, redirecting users to malicious sites that mimicked the DEXs' interfaces.

Affected users reported deceptive prompts
, including seemingly innocuous signature requests followed by aggressive approval demands for NFTs, ETH, and stablecoins. Aerodrome's team
detected the compromise
after identifying unusual domain activity and swiftly shut down access to compromised domains like aerodrome.finance and aerodrome.box,
urging users to switch to ENS mirrors
such as aero.drome.eth.limo. Velodrome similarly advised users to avoid its centralized domains and leverage decentralized alternatives
according to the report
.

The attack highlights ongoing risks in decentralized finance (DeFi), where front-end vulnerabilities - unlike on-chain smart contract breaches - can be exploited without directly compromising protocol infrastructure.

Aerodrome and Velodrome reiterated
that liquidity pools and protocol treasuries remain intact. However, the incident underscores the need for robust domain security measures, particularly for projects relying on centralized DNS services.

Aerodrome's team is investigating the breach alongside its domain provider, My.box, and

has requested urgent assistance
to resolve the issue. The DEX also
recommended tools like Revoke.cash
for users to revoke recent token approvals, mitigating potential risks from lingering malicious permissions.

The coordinated nature of the attack raises concerns about broader vulnerabilities in domain management systems, with multiple DeFi platforms potentially exposed to similar threats. As the industry continues to prioritize decentralization, the reliance on centralized DNS services remains a critical point of contention.