Ethereum Updates: DeFi's Vulnerability Exposed—Centralized DNS Attacks Lead to User Asset Loss

Aerodrome, the leading decentralized exchange (DEX) operating on

Layer 2 network Base, along with Velodrome, its equivalent on , experienced a DNS hijacking incident early Saturday, which redirected users to fraudulent websites. This breach closely resembled an event from late 2023, highlighting ongoing weaknesses in centralized domain management. Both exchanges assured users that their smart contracts were unaffected, but cautioned against accessing their main domains, such as Aerodrome.finance and Velodrome.finance, recommending instead to .

The attackers exploited flaws in domain registrar systems, enabling them to modify DNS settings and reroute visitors to malicious front-ends. Victims encountered misleading prompts, tricking them into approving transactions that drained their assets, including NFTs, ETH, and stablecoins

. Aerodrome indicated that the attackers targeted Box Domains, its registrar, while Velodrome initially reached out to My.box for assistance before withdrawing the statement . Despite the compromise, the phishing sites were taken offline by Saturday afternoon, suggesting that mitigation steps were underway .

Investors were reminded that although on-chain contracts generally remain secure during such incidents, compromised front-ends present serious phishing dangers. "Always confirm contract interactions directly on-chain if the website is down,"

. The 2023 attack on these platforms reportedly resulted in losses exceeding $100,000, with the breach traced back to registrar Porkbun . The recurrence of these attacks underscores the persistent risks associated with centralized DNS, which continues to be a major vulnerability for DeFi projects .

Aerodrome and Velodrome are crucial to their respective blockchain ecosystems. Aerodrome is the primary source of liquidity on Base, while Velodrome serves as a central hub for Optimism’s Superchain. The simultaneous targeting of both DEXs highlights the interconnected risks across ecosystems, as many protocols depend on them for routing and incentives

. The incident comes at a sensitive time for Dromos Labs, the team behind Velodrome, which recently revealed plans to merge Aerodrome and Velodrome into a single platform called Aero. This unified protocol, scheduled for launch in Q2 2026, is intended to pool liquidity across both Base and Optimism .

This event has reignited discussions about the importance of off-chain security in DeFi. While smart contracts are often robust, administrative controls and domain registrars remain susceptible to attacks. Experts suggest implementing measures such as DNSSEC, multi-factor authentication for domain accounts, and decentralizing front-ends using IPFS or

(ENS) . Aerodrome and Velodrome have also recommended that users revoke recent token permissions and utilize services like Revoke.cash to reduce exposure .

Industry responses include the introduction of solutions such as Infoblox’s DNS-based threat protection, which works with AWS to proactively block harmful domains

. These approaches may help address the broader challenge of DNS security, as attackers increasingly exploit these weaknesses to circumvent conventional defenses .

For now, users are encouraged to access decentralized mirror sites or interact directly with verified contract addresses. This incident is a stark reminder that, even as DeFi protocols bolster on-chain protections, off-chain vulnerabilities continue to pose significant threats to user assets

.