Aerodrome Finance Hit By DNS Hijack As Attackers Redirect Users to Phishing Sites

Aerodrome Finance faces a DNS attack but smart contracts and funds remain secure.

Users should avoid main domains and use decentralized ENS domains for safety.

The investigation is ongoing and users are advised to revoke recent token approvals.

Aerodrome Finance, a decentralized exchange on Coinbase’s Base network, experienced a front-end attack late Friday. The platform has $400 million in total value locked. The incident involved DNS hijacking of Aerodrome’s centralized domains. Attackers redirected users to phishing sites designed to steal wallet funds. Users are warned to avoid aerodrome.finance and aerodrome.box. Instead, they should use decentralized ENS domains like aero.drome.eth.limo.

The attack did not affect the platform’s smart contracts. These contracts, which manage user funds and protocol logic on-chain, remain secure. Liquidity pools and protocol treasuries are also unaffected. At this time, it is unclear whether any user funds were compromised. Aerodrome has requested its domain provider, My.box, to investigate potential system exploits. The team continues to monitor the situation closely and provide real-time updates on X.

Risks and User Guidance

Users are urged to avoid signing transactions on unverified domains. Malicious sites can trick users into approving token transfers. To minimize risks, Aerodrome recommends revoking recent token approvals. Tools such as Revoke.cash can help users manage these permissions.

The team also suggests using decentralized ENS mirrors to access the platform safely. Previous attacks on Aerodrome in late 2023 led to approximately $300,000 in user losses. Those incidents involved similar front-end phishing schemes.

Recent Developments and Market Impact

The attack comes days after Aerodrome announced a merger with Velodrome. The merger aims to consolidate liquidity across Base and Optimism networks under the “Aero” ecosystem. The price of the AERO token was not affected by the security disruption and was stable at approximately $0.67. It increased by 2% in the last 24 hours. The investors seem to have remained faithful to the basic functionality of the platform. In the meantime, the investigation of the phishing attack is in progress.

Ongoing Investigation and Precautions

Aerodrome continues to track the source and impact of the DNS hijacking. The team liaises with content sources and cybersecurity scholars. It is highly recommended that users be vigilant and abide by statements on official sources Moreover, Lazarus Group stole $1.4 billion from Bybit using test transactions and linked wallets in a major crypto hack.

Decentralized domains provide safer access until the primary domains are verified. Front-end attacks remain a recurring challenge for decentralized platforms, emphasizing the importance of careful transaction approvals. The platform plans to update users continuously as new information emerges.