Aerodrome Finance Investigates Suspected Frontend Security Breach
Aerodrome Finance, the leading decentralized exchange on the Base network, has confirmed that it is investigating a suspected DNS hijacking attack that compromised its centralized domains. The protocol has warned users to avoid accessing the primary.finance and.box domains and instead use two secure decentralized mirrors hosted on the ENS infrastructure.
The attack developed quickly, with affected users reporting malicious signature requests aimed at encumbering multiple assets, including NFTs, ETH, and USDC, through unlimited permission requests. While the team maintains that all smart contracts remain secure, the frontend compromise exposed users to sophisticated phishing attempts that could have put a strain on the wallets of those who did not carefully monitor transaction approvals.
We are actively investigating a frontend compromise. Please do not access the site via any URL – primary domain or decentralized mirrors – until we confirm everything is secure. All smart contracts appear to be secure. Updates soon.
Investigation and Response
Aerodrome’s investigation began when the team noticed unusual activity in the primary domain infrastructure approximately six hours before public alerts were issued. The protocol immediately flagged its domain provider Box Domains as potentially compromised and asked the service to report immediately. Within hours, the team confirmed that both centralized domains,.finance and.box, had been hijacked and remained under the attacker’s control.
The protocol responded by blocking access to all primary URLs while establishing two verified safe alternatives: aero.drome.eth.limo and aero.drome.eth.link. These decentralized mirrors use the Ethereum Name Service, which operates independently of traditional DNS systems that are vulnerable to hijacking.
Users Report Aggressive Multi-Asset Drain Attempts
One affected user described encountering the malicious interface before official warnings were distributed and detailed how the compromised website carried out a fraudulent two-stage attack. The hijacked frontend initially requested a seemingly harmless signature that only contained the number “1” and used it to establish an initial wallet connection.
Immediately after this seemingly innocuous request, the interface triggered an unlimited number of approval requests for NFTs, ETH, USDC, and WETH. “It asked for a simple signature and then immediately tried to grant unlimited permissions to dump NFTs, ETH and USDC,” the user reported. “If you weren’t careful, you could have lost everything.”
October Records Lowest Crypto Hack Losses of the Year
The airfield incident occurred during October’s unexpected security milestone, when the crypto market recorded its lowest monthly hack losses of the year. Data from blockchain security firm PeckShield shows that just $18.18 million was stolen in 15 separate incidents, a significant 85.7% decrease from $127.06 million in September.
Without the Garden Finance exploit at the end of the month, total losses would have been around $7.18 million, the lowest single-month figure since early 2023. The largest incidents occurred at Garden Finance, Typus Finance, and Abracadabra, which accounted for a total of $16.2 million of the stolen funds.
For more information, visit https://cryptonews.com/news/bases-top-dex-aerodrome-hit-by-a-suspected-frontend-security-breach/
