Ethereum News Today: DeFi's Achilles' Heel: Centralized DNS Hijacks Drain User Assets
Aime Summary
Aerodrome, the largest decentralized exchange (DEX) on EthereumETH-- Layer 2 network Base, and Velodrome, its counterpart on OptimismOP--, suffered a DNS hijack attack early Saturday, redirecting users to phishing sites. The compromise mirrored a similar incident in late 2023, raising concerns about vulnerabilities in centralized domain infrastructure. Both platforms confirmed their smart contracts remained secure but urged users to avoid their main domains, such as Aerodrome.finance and Velodrome.finance, and instead use decentralized mirrors.
The attack exploited weaknesses in domain registrars, allowing attackers to alter DNS records and redirect traffic to malicious interfaces. Users were presented with deceptive prompts to approve transactions for draining assets, including NFTs, ETH, and stablecoins according to Bitget. Aerodrome reported that attackers leveraged Box Domains, its registrar, while Velodrome initially sought help from My.box before retracting the post according to CryptoRank. Despite the breach, the fraudulent sites ceased functioning by Saturday afternoon, suggesting ongoing mitigation efforts according to FinanceFeeds.
Investors were reminded that while on-chain contracts are typically secure in such attacks, front-end compromises pose significant phishing risks. "Always verify contract interactions directly on-chain during outages," advised security experts. The 2023 incident, which targeted the same platforms, reportedly caused losses exceeding $100,000 and was linked to domain registrar Porkbun according to FinanceFeeds. The recurrence highlights persistent vulnerabilities in centralized DNS systems, which remain a critical attack vector for DeFi protocols according to Bitget.
Aerodrome and Velodrome play pivotal roles in their respective ecosystems. Aerodrome dominates Base's liquidity, while Velodrome is a core hub for Optimism's Superchain. A coordinated attack on both platforms simultaneously underscores the cross-ecosystem risks, as many protocols rely on these DEXs for routing and incentives according to FinanceFeeds. The timing is particularly sensitive for Dromos Labs, the team behind Velodrome, which recently announced plans to merge Aerodrome and Velodrome into a unified platform called Aero. The merged protocol, set to launch in Q2 2026, aims to consolidate liquidity across Base and Optimism according to FinanceFeeds.
The incident has reignited debates about off-chain security in DeFi. While smart contracts are often robust, administrative systems and domain registrars remain vulnerable. Experts recommend solutions like DNSSEC, multi-factor authentication for domain providers, and front-end decentralization via IPFS or Ethereum Name ServiceENS-- (ENS) according to FinanceFeeds.
Aerodrome and Velodrome have also advised users to revoke recent token approvals and use tools like Revoke.cash to mitigate risks according to Bitget.
Industry responses include new solutions like Infoblox's DNS-based threat protection, which integrates with AWS to preemptively block malicious domains according to GlobalNewswire. Such measures could help address the broader issue of DNS vulnerabilities, which are increasingly exploited by attackers to bypass traditional security layers according to GlobalNewswire.
For now, users are advised to rely on decentralized mirrors or interact directly with verified contract addresses. The attack serves as a stark reminder that even as DeFi protocols strengthen on-chain security, off-chain entry points remain a critical battleground for defending user assets according to FinanceFeeds.
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet