Base’s Top DEX Aerodrome Hit by a Suspected Frontend Security Breach
Aerodrome Finance, the main decentralized exchange on the Base network, confirmed it is investigating a suspected DNS hijacking attack that compromised its centralized domains.
The protocol warned users to avoid accessing its primary .finance and .box domains and instead use two secure decentralized mirrors hosted on ENS infrastructure.
The attack unfolded quickly, with affected users reporting malicious signature requests designed to drain multiple assets, including NFTs, ETH, and USDC, through unlimited approval prompts.
While the team maintains that all smart contracts remain secure, the frontend compromise exposed users to sophisticated phishing attempts that could have drained wallets for those who weren’t carefully monitoring transaction approvals.
DNS Hijacking Forces Emergency Protocol Lockdown
Aerodrome’s investigation began when the team detected unusual activity on its primary domain infrastructure roughly six hours before issuing public warnings.
The protocol immediately flagged its domain provider, Box Domains, as potentially compromised and urged the service to reach out urgently.
Within hours, the team confirmed that both centralized domains, .finance and .box, had been hijacked and remained under attacker control.
The protocol responded by shutting down access to all primary URLs while establishing two verified safe alternatives: aero.drome.eth.limo and aero.drome.eth.link.
These decentralized mirrors leverage the Ethereum Name Service, which operates independently of traditional DNS systems that are vulnerable to hijacking.
The team emphasized that smart contract security remained intact throughout the incident, containing the breach entirely to frontend access points.
Sister protocol Velodrome faced similar threats, prompting its team to issue parallel warnings about domain security.
The coordinated nature of the warnings suggested that attackers may have systematically targeted Box Domains’ infrastructure to compromise multiple DeFi platforms simultaneously.
Users Report Aggressive Multi-Asset Drain Attempts
One affected user described encountering the malicious interface before official warnings circulated, detailing how the compromised site deployed a deceptive two-stage attack.
The hijacked frontend first requested what appeared to be a harmless signature containing only the number “1,” establishing the initial wallet connection.
Immediately after this seemingly innocuous request, the interface triggered an unlimited number of approval prompts for NFTs, ETH, USDC, and WETH.
“It asked for a simple signature, then instantly tried unlimited approvals to drain NFTs, ETH, and USDC,” the user reported. “If you weren’t paying attention, you could’ve lost everything.”
The victim documented the attack through screenshots and video recordings, capturing the progression from the initial signature request through multiple drain attempts.
Their investigation, conducted with AI assistance, examined browser configurations, extensions, DNS settings, and RPC endpoints before concluding that the attack pattern aligned with DNS hijacking methodology.
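The second stage described above consists of token approval requests. As an added example (not code from Aerodrome or from the original article), the checker below decodes the calldata of a pending transaction and flags unlimited ERC-20 allowances and NFT operator approvals granted to spenders outside a user-supplied allowlist. The addresses, the allowlist and the 2^255 "unlimited" threshold are assumptions made for illustration.

```javascript
// Added example (not Aerodrome code): classify approval calldata before signing.
// Selectors are the standard ERC-20 / ERC-721 / ERC-1155 function selectors.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256); tokenId for ERC-721
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
};
const MAX_UINT256 = (1n << 256n) - 1n;
const UNLIMITED = 1n << 255n; // policy choice: at or above 2^255 counts as unlimited

function inspectApproval(calldata, trustedSpenders) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const method = SELECTORS[hex.slice(0, 8)];
  if (!method) return { method: null, risky: false, reason: null };
  // The 4-byte selector must be followed by two 32-byte ABI words.
  if (hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) {
    return { method, risky: true, reason: "malformed approval calldata" };
  }
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // word 2: amount or bool
  const trusted = trustedSpenders.some((s) => s.toLowerCase() === spender);
  let reason = null;
  if (!trusted && method === "setApprovalForAll" && value !== 0n) {
    reason = "operator rights over every NFT in the collection";
  } else if (!trusted && method !== "setApprovalForAll" && value >= UNLIMITED) {
    reason = "unlimited allowance to an unlisted spender";
  } else if (!trusted && method !== "setApprovalForAll" && value > 0n) {
    reason = "allowance to an unlisted spender";
  }
  return { method, spender, value, trusted, risky: reason !== null, reason };
}

// Constructed sample data: placeholder addresses, not real contracts.
const ROUTER = "0x" + "11".repeat(20);  // hypothetical spender the user expects
const DRAINER = "0x" + "22".repeat(20); // hypothetical unknown spender
const encode = (selector, addr, word) =>
  "0x" + selector + addr.slice(2).padStart(64, "0") + word.toString(16).padStart(64, "0");

function runSamples() {
  const requests = [
    encode("095ea7b3", DRAINER, MAX_UINT256), // unlimited ERC-20 approval
    encode("a22cb465", DRAINER, 1n),          // NFT operator approval
    encode("095ea7b3", ROUTER, 1000000n),     // bounded approval, known spender
    encode("a9059cbb", ROUTER, 1n),           // transfer(): not an approval
  ];
  return requests.map((data) => inspectApproval(data, [ROUTER]));
}
console.log(runSamples().map((r) => r.reason));
```

Revocations (an amount of zero, or `setApprovalForAll` with `false`) pass the check, so the same function can sit in front of a cleanup flow without flagging it.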
Another community member shared an experience with a separate, recent draining incident, describing themselves as a seasoned veteran and full-stack developer who still fell victim to sophisticated attacks.
Despite technical expertise, the user lost significant funds and spent 3 days developing a Jito bundle-based script to recover roughly 10-15% of the stolen assets through on-chain stealth operations.
October Records Lowest Crypto Hack Losses of the Year
The Aerodrome incident emerged during October’s unexpected security milestone, as the crypto market experienced its lowest monthly hack losses of the year.
Data from blockchain security firm PeckShield shows only $18.18 million was stolen across 15 separate incidents, representing a steep 85.7% decline from September’s $127.06 million.
Without the late-month Garden Finance exploit, total losses would have hovered near $7.18 million, the lowest single-month value since early 2023.
The largest incidents occurred at Garden Finance, Typus Finance, and Abracadabra, which together accounted for $16.2 million of total stolen funds.
Garden Finance, a Bitcoin peer-to-peer protocol, disclosed on October 30 that it had been exploited for more than $10 million after one of its solvers was compromised, with the breach affecting only the solver’s own inventory.
Typus Finance suffered an oracle manipulation attack on October 15 that drained roughly $3.4 million from its liquidity pools, traced to a flaw in one of its TLP contracts that caused the project’s native token to drop about 35%.
DeFi lending platform Abracadabra endured its third exploit since launch around the same time, resulting in roughly $1.8 million in MIM stablecoin losses after hackers bypassed solvency checks through a smart contract vulnerability.
The post Base’s Top DEX Aerodrome Hit by a Suspected Frontend Security Breach appeared first on Cryptonews.
