Aerodrome Finance hit by ‘Front-End’ attack, users urged to avoid main domain

Aerodrome Finance, a leading decentralized exchange on Coinbase’s Base network with $400 million in total value locked, was targeted in a front-end attack late Friday, prompting urgent warnings for users to avoid its primary domains.

The incident appears to be a DNS hijacking of Aerodrome’s centralized domains, which allowed attackers to redirect users to lookalike phishing pages designed to trick them into signing malicious wallet transactions that drain their funds. Users are advised to rely on Aerodrome’s decentralized domains instead. Aerodrome has asked My.box, the domain provider, to contact the team regarding a potential exploitation of the provider’s systems.

Front-end attacks of this kind do not compromise the underlying smart contracts that manage user assets and protocol logic on-chain. At the time of writing, it is unconfirmed whether the attack has led to losses or how many users have been affected. Liquidity pools and protocol stocks remain intact, according to Aerodrome.

Aerodrome’s team has been posting real-time updates on X, urging users not to access the compromised domains, aerodrome.finance and aerodrome.box, and to use decentralized ENS mirrors such as aero.drome.eth.limo instead. To reduce risk, the team recommends revoking recent token approvals using tools like Revoke.cash and not signing transactions from unverified domains.

New attack

Aerodrome has experienced similar front-end attacks before, including two in late 2023 that resulted in approximately $300,000 in user losses.

This latest incident comes just days after Aerodrome announced a merger with Velodrome, consolidating liquidity across Base and Optimism under the new “Aero” ecosystem. Despite the disruption, the AERO token price remained stable at around $0.67, up 2% over the past 24 hours.

The investigation is ongoing.
