Source: ETHNews
Original Title: Aerodrome Finance Investigates DNS Hijack as Frontend Compromise Targets Base Ecosystem Users
Original Link: https://www.ethnews.com/aerodrome-finance-investigates-dns-hijack-as-frontend-compromise-targets-base-ecosystem-users/
Aerodrome Finance, the largest decentralized exchange operating on a major blockchain’s Base network, is investigating a suspected DNS hijacking attack that redirected users to a malicious frontend interface. While the project confirmed that all smart contracts and on-chain funds remain secure, the centralized web domains that route users to the DEX were compromised.
Frontend Domains Redirected to Malicious Clone
According to the Aerodrome team, the affected domains include their primary .finance and .box URLs. Attackers appear to have gained control over the domain registrar, enabling them to reroute visitors to a fraudulent website designed to mimic the legitimate platform.
Users who unknowingly accessed the spoofed site were reportedly prompted to sign harmful transaction approvals. These approvals could grant the attacker unlimited access to a user’s assets, including ETH, USDC, NFTs, and other tokens, potentially enabling full wallet drains.
DNS Hijacking Likely the Vector
Initial findings indicate a classic DNS hijacking attack, where adversaries alter the domain’s routing at the registrar level. This attack does not require compromising the protocol itself, only the infrastructure that directs users to it. The Aerodrome team emphasized that the DEX’s contracts are fully intact and were never breached.
A parallel warning was also issued by Velodrome, Aerodrome’s sister protocol on the Optimism network. The simultaneous alerts raise concerns that the attackers may have exploited a vulnerability affecting the domain provider used by multiple DeFi projects.
Safety Instructions for Users
The Aerodrome team issued urgent guidance to protect users from the compromised frontend:
Avoid all official .finance and .box domains
Until the investigation is complete, users should not visit or interact with the usual Aerodrome URLs.
Use decentralized ENS-powered mirrors instead
Aerodrome deployed two verified, censorship-resistant access points using the Ethereum Name Service (ENS). These alternatives bypass traditional DNS and remain safe to use:
aero.drome.eth.limo
aero.drome.eth.link
These domains are hosted through decentralized gateways, reducing reliance on centralized domain registrars vulnerable to such attacks.
Review wallet approvals
Users are urged to check their existing token approvals and revoke any unfamiliar or unlimited allowances. The incident serves as a reminder that malicious contracts often disguise themselves as ordinary approvals.
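The approval check above can be made concrete by decoding the calldata a site asks the wallet to sign. The sketch below is an added example, not code from the article or from Aerodrome; it uses the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` selectors, while the spender addresses, the trusted-spender list and the "unlimited" threshold are constructed assumptions.

```javascript
// Added example: triage the calldata of a transaction before it is signed.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256): ERC-20 amount (ERC-721 reuses it for a tokenId)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool): ERC-721 / ERC-1155 collections
};
// Assumption: any allowance of 2^255 or more is treated as effectively unlimited.
const UNLIMITED_FLOOR = 1n << 255n;

function triageApproval(calldata, trustedSpenders = []) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", flag: false, reason: "not an approval call" };
  // Expected layout: 4-byte selector + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) return { kind, flag: true, reason: "malformed arguments" };
  const word0 = hex.slice(8, 72);
  // An address occupies the low 20 bytes of a zero-padded word.
  if (!/^0{24}/.test(word0)) return { kind, flag: true, reason: "malformed arguments" };
  const spender = "0x" + word0.slice(24);
  const value = BigInt("0x" + hex.slice(72, 136));
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(spender);
  const revoke = value === 0n; // amount 0 or approved=false withdraws access
  const broad = kind === "approve" ? value >= UNLIMITED_FLOOR : !revoke;
  let reason = "bounded approval";
  if (revoke) reason = "revocation";
  else if (broad && !trusted) reason = "unlimited grant to unknown spender";
  else if (broad) reason = "unlimited grant to known spender";
  else if (!trusted) reason = "bounded grant to unknown spender";
  // Flag anything that hands access to a spender the user has not vetted.
  return { kind, spender, broad, flag: !revoke && !trusted, reason };
}

// Constructed sample inputs (placeholder addresses, not real contracts).
const word = (h) => h.padStart(64, "0");
const UNKNOWN = "11".repeat(20);
const TRUSTED = "0x" + "22".repeat(20);
const SAMPLES = {
  unlimited: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64),
  revoke: "0x095ea7b3" + word(UNKNOWN) + word("0"),
  approveAll: "0xa22cb465" + word(UNKNOWN) + word("1"),
  bounded: "0x095ea7b3" + word("22".repeat(20)) + word("de0b6b3a7640000"),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, triageApproval(data, [TRUSTED]));
}
```

A trusted spender list only helps if it comes from a source other than the frontend being visited, since a hijacked domain controls everything the page displays.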
A Wake-Up Call for DeFi Frontend Security
While the underlying contracts on Base remain fully secure, the attack exposes the fragility of centralized domain layers that sit above decentralized protocols. As DeFi expands across networks like Base and Optimism, ensuring secure and redundant access points is increasingly essential.
Aerodrome’s investigation is ongoing, and the team expects to issue further updates as they work to restore full frontend integrity.