Ethereum News Today: Centralized DNS Flaw Undermines DeFi Security in Major DEX Breach

Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Saturday, Nov 22, 2025 2:04 pm ET1min read
ETH--
OP--
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Aerodrome and Velodrome DEXs suffered DNS hijacking attacks, redirecting users to phishing sites via centralized domain vulnerabilities.

- Attackers exploited compromised domains to trick users into signing malicious transactions, mirroring a 2023 incident that caused $300,000+ losses.

- Platforms urged users to revoke token approvals and use ENS mirrors, emphasizing secure smart contracts but highlighting DeFi's front-end risks.

- The breach occurred days after Aerodrome's planned merger with Velodrome, underscoring domain security gaps in decentralized finance infrastructure.

Aerodrome Finance, the leading decentralized exchange (DEX) on EthereumETH-- Layer 2 network Base, and Velodrome, its counterpart on OptimismOP--, suffered a front-end compromise early Saturday, prompting urgent warnings for users to avoid their primary domains and use decentralized mirrors. The incident, attributed to a DNS hijacking attack, allowed attackers to reroute traffic to phishing sites designed to trick users into signing malicious transactions. Both platforms emphasized that their underlying smart contracts remain secure, but users are advised to revoke recent token approvals and avoid unverified domains according to the report.

The attack mirrors a similar incident in late 2023, when Aerodrome and Velodrome's front-ends were compromised, resulting in over $300,000 in user losses. This latest breach occurred just days after Aerodrome announced plans to merge with Velodrome under the unified "Aero" ecosystem, aiming to consolidate liquidity across Base and Optimism. Despite the disruption, the AERO token's price remained stable, trading at approximately $0.67, a 2% increase over the prior 24 hours.

The DNS hijacking exploited vulnerabilities in centralized domain providers, redirecting users to malicious sites that mimicked the DEXs' interfaces. Affected users reported deceptive prompts, including seemingly innocuous signature requests followed by aggressive approval demands for NFTs, ETH, and stablecoins. Aerodrome's team detected the compromise after identifying unusual domain activity and swiftly shut down access to compromised domains like aerodrome.finance and aerodrome.box, urging users to switch to ENS mirrors such as aero.drome.eth.limo. Velodrome similarly advised users to avoid its centralized domains and leverage decentralized alternatives according to the report.

The attack highlights ongoing risks in decentralized finance (DeFi), where front-end vulnerabilities - unlike on-chain smart contract breaches - can be exploited without directly compromising protocol infrastructure. Aerodrome and Velodrome reiterated that liquidity pools and protocol treasuries remain intact. However, the incident underscores the need for robust domain security measures, particularly for projects relying on centralized DNS services.

Aerodrome's team is investigating the breach alongside its domain provider, My.box, and has requested urgent assistance to resolve the issue. The DEX also recommended tools like Revoke.cash for users to revoke recent token approvals, mitigating potential risks from lingering malicious permissions.

The coordinated nature of the attack raises concerns about broader vulnerabilities in domain management systems, with multiple DeFi platforms potentially exposed to similar threats. As the industry continues to prioritize decentralization, the reliance on centralized DNS services remains a critical point of contention.

author avatar
Coin World

Quickly understand the history and background of various well-known coins

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.