Ethereum News Update: Major DEX Compromised as Centralized DNS Vulnerability Threatens DeFi Security

Aerodrome Finance, recognized as the top decentralized exchange (DEX) on

Layer 2 network Base, along with Velodrome, its equivalent on , early Saturday. This led to urgent advisories for users to avoid the official websites and instead use decentralized mirror sites. The breach, , enabled attackers to redirect visitors to phishing pages crafted to deceive users into approving harmful transactions. Both exchanges stressed that their core smart contracts were unaffected, but users were urged to revoke any recent token permissions and steer clear of suspicious domains .

This incident is reminiscent of a similar attack in late 2023, when the front-ends of Aerodrome and Velodrome were also compromised,

. The most recent compromise happened just after Aerodrome under a unified "Aero" ecosystem, aiming to pool liquidity across both Base and Optimism. Despite the incident, the value of the AERO token , trading near $0.67, marking a 2% rise in the last 24 hours.

The DNS hijack took advantage of weaknesses in centralized domain registrars, sending users to fake sites that closely resembled the DEXs' original interfaces.

, such as innocent-looking signature requests followed by aggressive prompts to approve NFTs, ETH, and stablecoins. The Aerodrome team after noticing suspicious domain activity and quickly disabled access to affected domains like aerodrome.finance and aerodrome.box, such as aero.drome.eth.limo. Velodrome issued similar guidance, urging users to avoid centralized domains and use decentralized options .

This event underscores persistent threats in decentralized finance (DeFi), where vulnerabilities in front-end infrastructure—unlike on-chain smart contract exploits—can be targeted without breaching the protocol itself.

that their liquidity pools and protocol reserves were unaffected. Nevertheless, the breach highlights the necessity for stronger domain security, especially for projects dependent on centralized DNS providers.

Aerodrome’s team is currently working with its domain provider, My.box, to investigate the incident and

to address the problem. The DEX also so users can remove recent token permissions and reduce the risk from any lingering malicious access.

The coordinated nature of this attack raises alarms about broader weaknesses in domain management, suggesting that other DeFi platforms could face similar risks. As the sector continues to move toward decentralization, dependence on centralized DNS remains a major concern.