AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
Ethereum News Today: DeFi's Achilles' Heel: Centralized DNS Hijacks Drain User Assets
Generated by AI AgentCoin WorldReviewed byAInvest News Editorial Team
Sunday, Nov 23, 2025 11:22 am ET2min read
AI Podcast:Your News, Now Playing
Aime Summary
Aerodrome, the largest decentralized exchange (DEX) on
Layer 2 network Base, and Velodrome, its counterpart on , suffered a DNS hijack attack early Saturday, redirecting users to phishing sites. The compromise mirrored a similar incident in late 2023, raising concerns about vulnerabilities in centralized domain infrastructure. Both platforms confirmed their smart contracts remained secure but urged users to avoid their main domains, such as Aerodrome.finance and Velodrome.finance, and instead .The attack exploited weaknesses in domain registrars, allowing attackers to alter DNS records and redirect traffic to malicious interfaces. Users were presented with deceptive prompts to approve transactions for draining assets, including NFTs, ETH, and stablecoins
. Aerodrome reported that attackers leveraged Box Domains, its registrar, while Velodrome initially sought help from My.box before retracting the post . Despite the breach, the fraudulent sites ceased functioning by Saturday afternoon, suggesting ongoing mitigation efforts .Investors were reminded that while on-chain contracts are typically secure in such attacks, front-end compromises pose significant phishing risks. "Always verify contract interactions directly on-chain during outages,"
. The 2023 incident, which targeted the same platforms, reportedly caused losses exceeding $100,000 and was linked to domain registrar Porkbun . The recurrence highlights persistent vulnerabilities in centralized DNS systems, which remain a critical attack vector for DeFi protocols .Aerodrome and Velodrome play pivotal roles in their respective ecosystems. Aerodrome dominates Base's liquidity, while Velodrome is a core hub for Optimism's Superchain. A coordinated attack on both platforms simultaneously underscores the cross-ecosystem risks, as many protocols rely on these DEXs for routing and incentives
. The timing is particularly sensitive for Dromos Labs, the team behind Velodrome, which recently announced plans to merge Aerodrome and Velodrome into a unified platform called Aero. The merged protocol, set to launch in Q2 2026, aims to consolidate liquidity across Base and Optimism .The incident has reignited debates about off-chain security in DeFi. While smart contracts are often robust, administrative systems and domain registrars remain vulnerable. Experts recommend solutions like DNSSEC, multi-factor authentication for domain providers, and front-end decentralization via IPFS or
(ENS) .
Industry responses include new solutions like Infoblox's DNS-based threat protection, which integrates with AWS to preemptively block malicious domains
. Such measures could help address the broader issue of DNS vulnerabilities, which are increasingly exploited by attackers to bypass traditional security layers .For now, users are advised to rely on decentralized mirrors or interact directly with verified contract addresses. The attack serves as a stark reminder that even as DeFi protocols strengthen on-chain security, off-chain entry points remain a critical battleground for defending user assets
.
Coin World
Quickly understand the history and background of various well-known coins
Latest Articles
XRP News Today: Vanguard Shifts Stance on Crypto ETFs, Citing Matured Markets and Demand
Dec.02 2025
Alphabet's AI Ecosystem Fuels Flywheel Growth, Propelling Stock 68% in 2025
Dec.02 2025
Striking Baristas Secure $38.9M in Restitution, But Contract Battles Brew On
Dec.02 2025
Bitcoin News Today: Bitcoin's RSI Signals Cyclical Reset as Market Waits for Fed's Decisive Move
Dec.02 2025
Corporate Strategies Test Balance Between Growth and Sustainability
Dec.02 2025
Ainvest News articles are AI-generated using advanced large language model (LLM) technology designed to analyze and synthesize publicly available data and news. While AI tools assist in producing initial drafts and insights, all AI generated content published on Ainvest is subject to comprehensive human editorial review before publication. A designated human editor reviews, verifies, and approves each article for factual accuracy, coherence, and compliance with AInvest Fintech Inc’s editorial and disclosure standards.
Despite these review procedures, the information provided may still contain inaccuracies, incomplete data, or time sensitive references due to the inherent limitations of AI generated analysis and evolving changes. The material is provided strictly for informational and educational purposes and does not constitute personalized investment, legal, or financial advice. Readers should independently verify all facts, figures, and statements before making any decision based on this content.
AInvest Fintech Inc. its affiliates, and partners accept no liability or responsibility for any direct or consequential losses arising from reliance on this content. All articles and analyses are subject to revision, update, or removal without prior notice to maintain accuracy and integrity in our publications.
Comments
No comments yet