Aerodrome DEX Hit by DNS Hijack, Users Steered to Phishing Sites on Base

Aerodrome Finance, a key decentralised exchange operating on Base, has reported a front-end DNS hijack that directed users to phishing sites capable of stealing wallet credentials. The team confirmed that their on-chain smart contracts, liquidity pools, and treasury funds remain secure, with no evidence yet of user losses.

The malicious redirection targeted the exchange’s centralised domains, with users advised to switch to decentralised alternatives and to revoke any recent approvals via Revoke.cash. Aerodrome has also reached out to its domain provider, My.box, to investigate a possible exploit.

Related: DOJ Moves to Seize US$15M in Stolen USDT as North Korean Crypto Hackers Face Crackdown

History of Security Incidents

Aerodrome has faced similar attacks before. In November 2023, front-end compromises resulted in losses of around US$195,000 (AU$300,000). This latest incident follows the announcement of a merger with Velodrome, Optimism’s top DEX, to unify both platforms’ liquidity and tokens under the “Aero” ecosystem. Despite the disruption, the AERO token held steady at US$0.67 (AU$1.03), representing a slight 2% increase over the last day.

The DNS hijack underscores the risks that front-end exploits pose to users, even when smart contracts remain untouched. Attackers can reroute traffic to convincing phishing sites, potentially capturing private keys, authorising fraudulent transactions, or distributing malware.

Aerodrome continues to post updates on X, advising users to avoid the compromised domains and follow recommended security precautions. The team’s response emphasises the importance of vigilance and rapid communication in protecting funds within the DeFi ecosystem.

Related: LastPass Security Breach: $4.4 Million in Cryptocurrencies Stolen