Aerodrome Finance, the main decentralized change on the Base community, confirmed it’s investigating a suspected DNS hijacking assault that compromised its centralized domains.
The protocol warned customers to keep away from accessing its main .finance and .field domains and as a substitute use two safe decentralized mirrors hosted on ENS infrastructure.
The assault unfolded quickly, with affected customers reporting malicious signature requests designed to empty a number of belongings, together with NFTs, ETH, and USDC, by limitless approval prompts.
Whereas the group maintains that each one sensible contracts stay safe, the frontend compromise uncovered customers to classy phishing makes an attempt that would have drained wallets for many who weren’t fastidiously monitoring transaction approvals.
We’re actively investigating a frontend compromise.
Please don’t entry the positioning by any URL — main area or decentralized mirrors — till we verify every thing is protected.
All sensible contracts seem safe. Updates quickly.— Aerodrome (@AerodromeFi) November 22, 2025
DNS Hijacking Forces Emergency Protocol Lockdown
Aerodrome’s investigation started when the group detected uncommon exercise on its main area infrastructure roughly six hours earlier than issuing public warnings.
The protocol instantly flagged its area supplier, Field Domains, as probably compromised and urged the service to achieve out urgently.
Inside hours, the group confirmed that each centralized domains, .finance and .field, had been hijacked and remained below attacker management.
The protocol responded by shutting down entry to all main URLs whereas establishing two verified protected alternate options: aero.drome.eth.limo and aero.drome.eth.hyperlink.
Replace: centralized domains (.finance and .field) stay compromised. Please don’t use both area for now.
Two decentralized mirrors stay protected to make use of:https://t.co/7U8yRQs1Lihttps://t.co/mnbqM27GdS
All sensible contracts stay safe.
We’ll present additional updates because the… https://t.co/1VPGDnq10L— Aerodrome (@AerodromeFi) November 22, 2025
These decentralized mirrors leverage the Ethereum Identify Service, which operates independently of conventional DNS programs which can be weak to hijacking.
The group emphasised that sensible contract safety remained intact all through the incident, containing the breach completely to frontend entry factors.
Sister protocol Velodrome confronted related threats, prompting its group to subject parallel warnings about area safety.
The coordinated nature of the warnings advised that attackers might have systematically focused Field Domains’ infrastructure to compromise a number of DeFi platforms concurrently.
Customers Report Aggressive Multi-Asset Drain Makes an attempt
One affected consumer described encountering the malicious interface earlier than official warnings circulated, detailing how the compromised website deployed a misleading two-stage assault.
The hijacked frontend first requested what gave the impression to be a innocent signature containing solely the quantity “1,” establishing preliminary pockets connection.
Instantly after this seemingly innocuous request, the interface triggered a vast variety of approval prompts for NFTs, ETH, USDC, and WETH.
“It requested for a easy signature, then immediately tried limitless approvals to empty NFTs, ETH, and USDC,” the consumer reported. “If you happen to weren’t paying consideration, you can’ve misplaced every thing.”
The sufferer documented the assault by screenshots and video recordings, capturing the development from preliminary signature request by a number of drain makes an attempt.
Earlier than these limitless approval prompts, the hijacked website first requested me to signal a harmless-looking message with simply “1”.
Proper after, it triggered approvals to empty NFTs, ETH, USDC, WETH, every thing.
If you happen to weren’t paying consideration, you can lose your complete pockets immediately. pic.twitter.com/bJxFazMEvn— Mynimal Monster (@MynimalM) November 22, 2025
Their investigation, performed with AI help, examined browser configurations, extensions, DNS settings, and RPC endpoints earlier than concluding that the assault sample aligned with DNS hijacking methodology.
One other group member shared an expertise with a separate, draining incident not too long ago, describing themselves as a seasoned veteran and full-stack developer who nonetheless fell sufferer to classy assaults.
Regardless of technical experience, the consumer misplaced important funds and spent 3 days growing a Jito bundle-based script to recuperate roughly 10-15% of the stolen belongings by on-chain stealth operations.
October Data Lowest Crypto Hack Losses of the 12 months
The Aerodrome incident emerged throughout October’s sudden safety milestone, because the crypto market skilled its lowest month-to-month hack losses of the yr.
Knowledge from blockchain safety agency PeckShield reveals solely $18.18 million was stolen throughout 15 separate incidents, representing a steep 85.7% decline from September’s $127.06 million.
With out the late-month Backyard Finance exploit, whole losses would have hovered close to $7.18 million, the bottom single-month worth since early 2023.
The most important incidents occurred at Backyard Finance, Typus Finance, and Abracadabra, which collectively accounted for $16.2 million of whole stolen funds.
Backyard Finance loses $10.8 million in exploit as on-chain knowledge reveals over 25% of platform quantity linked to stolen funds from main safety breaches.#Crypto #Bitcoin #Exploithttps://t.co/Tb8zYW8oPH
— Cryptonews.com (@cryptonews) October 30, 2025
Backyard Finance, a Bitcoin peer-to-peer protocol, disclosed on October 30 that it had been exploited for greater than $10 million after considered one of its solvers was compromised, with the breach affecting solely the solver’s personal stock.
Typus Finance suffered an oracle manipulation assault on October 15 that drained roughly $3.4 million from its liquidity swimming pools, traced to a flaw in considered one of its TLP contracts that prompted the venture’s native token to drop about 35%.
DeFi lending platform Abracadabra endured its third exploit since launch across the identical time, leading to roughly $1.8 million in MIM stablecoin losses after hackers bypassed solvency checks by a sensible contract vulnerability.
The publish Base’s Prime DEX Aerodrome Hit by a Suspected Frontend Safety Breach appeared first on Cryptonews.
Backyard Finance loses $10.8 million in exploit as on-chain knowledge reveals over 25% of platform quantity linked to stolen funds from main safety breaches.#Crypto #Bitcoin #Exploithttps://t.co/Tb8zYW8oPH