Aerodrome Finance, one of the leading decentralized exchanges on Coinbase’s core network with a total value locked of $400 million, was the target of a frontal attack Friday evening, prompting users to avoid its core domains.
The incident appears to be a DNS hijacking of Aerodrome’s centralized domains, which allowed the attackers to redirect users to similar phishing sites designed to trick them into signing malicious wallet transactions to separate them from their funds. Users are advised to rely on Aerodrome’s decentralized domains instead. Aerodrome asked My.box, the domain provider, to contact them regarding a potential exploit of their systems.
These attacks do not compromise the underlying smart contracts, which manage user funds and on-chain protocol logic. At the time of writing, it is not confirmed whether the attack resulted in any losses or how many users were affected. Liquidity pools and protocol treasuries remain intact, according to Aerodrome.
The Aerodrome team has released real-time updates to To reduce risk, the team recommends revoking recent token approvals using tools like Revoke.cash and avoiding signing transactions from unverified domains.
New attack
The airfield has previously experienced similar frontal attacks, including two in late 2023 that resulted in user losses of approximately $300,000.
This latest attack comes just days after Aerodrome announced a merger with Velodrome, consolidating Base and Optimism’s liquidity under the new “Aero” ecosystem. Despite the disruption, the AERO token price remained stable at around $0.67, up 2% in the last 24 hours.
The investigation is ongoing.
