Leading DEXs on Base and Optimism confirm DNS hijack, instruct traders to use decentralized mirrors as investigations continue.
Two of the largest decentralized exchanges on Ethereum Layer-2 networks — Aerodrome on Base and Velodrome on Optimism — suffered a front-end security compromise early Saturday, prompting urgent warnings for users to avoid their primary domains.
Developers confirmed that the attack targeted their DNS records, not the core smart contracts, meaning on-chain funds remain safe while web interfaces are restored.
DNS Hijack Redirected Users to Fraudulent Sites
Both protocols reported that attackers hijacked their centralized DNS settings, enabling them to redirect users to malicious look-alike websites even when the correct URL was entered.
This type of compromise allows scammers to intercept transactions or trick users into connecting their wallets.
In their initial statement, the Velodrome team said:
“We are actively investigating a DNS hijack affecting our primary domain. Smart contracts are secure, and users should access the platform only through decentralized mirrors.”
Aerodrome echoed the warning, urging its community to avoid the main .finance and .box domains until a full fix is deployed.
Although the malicious site was briefly live Saturday morning, by the afternoon it had stopped loading — a sign that remediation efforts were underway.
Not the First Time: A Nearly Identical Attack in 2023
The timing raised concerns across the ecosystem, as both platforms suffered a similar front-end exploitation in late 2023.
Back then, blockchain investigator ZachXBT estimated losses of over $100,000 and traced the root cause to vulnerabilities linked to a domain registrar.
The recurrence underscores how front-end infrastructure remains one of DeFi’s weakest points — despite secure smart contracts.
Unified “Aero” Platform on the Horizon
The compromise comes as Dromos Labs, the team behind Velodrome, moves forward with plans to merge both sister DEXs into a unified platform called Aero, set to launch in Q2 2026.
The upgrade will consolidate existing tokens into a single AERO asset designed to represent the combined economic output of both exchanges.
The incident is unlikely to affect the long-term roadmap, but it highlights the importance of hardened front-end security as the platforms prepare to integrate.
As of now, both teams are working to fully restore DNS control and ensure no lingering vulnerabilities remain. Users are advised to rely on decentralized mirror links until official confirmation is issued.
The episode serves as a reminder that secure smart contracts alone do not guarantee user safety — the path users take to reach those contracts is equally critical.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.