Aerodrome Finance, a major decentralized exchange on Coinbase’s Base network with a total value locked of $400 million, was the target of a frontal attack on Friday night, prompting urgent warnings for users to avoid its main domains.
The incident appears to be a DNS hijack of Aerodrome’s centralized domains, which allowed attackers to redirect users to similar phishing sites designed to trick them into signing malicious wallet transactions to separate them from their funds. Users are recommended to trust Aerodrome decentralized domains. Aerodrome has asked My.box, the domain provider, to contact them about a possible vulnerability in their systems.
These attacks do not compromise the underlying smart contracts, which manage user funds and on-chain protocol logic. At the time of writing, it is not confirmed whether the attack has resulted in losses or how many users have been affected. Liquidity pools and protocol treasuries remain intact, according to Aerodrome.
The Aerodrome team has been posting real-time updates to To reduce risk, the team recommends revoking recent token approvals using tools like Revoke.cash and avoiding signing transactions from unverified domains.
New attack
Aerodrome has experienced similar frontal attacks before, including two in late 2023 that resulted in approximately $300,000 in user losses.
This latest attack comes just days after Aerodrome announced a merger with Velodrome, consolidating liquidity in Base and Optimism under the new “Aero” ecosystem. Despite the outage, the AERO token price remained stable at around $0.67, an increase of 2% in the last 24 hours.
The investigation is ongoing.
