Aerodrome and Velodrome DeFi Platforms Hit by Second DNS Hijacking Attack
Global: Aerodrome and Velodrome DNS Hijacking Attack
Attackers seized control of the domain name system (DNS) records for the decentralized finance platforms Aerodrome and Velodrome, redirecting users to counterfeit websites that mimicked the original services. The platforms' monitoring systems detected the redirection, and the teams immediately warned users against visiting the compromised sites while they worked to restore legitimate control. This incident marks the second known DNS hijacking targeting these exchanges, with the first occurring roughly two years earlier.
Method of Attack
According to the platforms’ statements, the perpetrators altered the DNS entries associated with the official domains, causing internet traffic to be routed to servers under the attackers’ control. By presenting visually identical interfaces, the fraudulent sites were able to capture user credentials and transaction details.
Platforms’ Response
Aerodrome and Velodrome both posted alerts on their official communication channels, advising users to refrain from accessing the sites and to verify URLs before initiating any transactions. The teams indicated that they are collaborating with domain registrars and security experts to regain authoritative DNS control.
Historical Context
The earlier hijacking, which occurred almost exactly two years ago, resulted in users losing approximately $100,000 after submitting transactions through the spoofed sites. That incident highlighted the vulnerability of decentralized exchanges to DNS‑based attacks despite their on‑chain security mechanisms.
Financial Impact
No specific monetary loss has been disclosed for the current breach, but the prior $100,000 loss underscores the potential for significant financial harm when users are deceived by look‑alike sites. No reports of stolen funds have been confirmed for the latest event as of this writing.
Broader Security Implications
These repeated DNS hijackings illustrate a growing attack surface for DeFi platforms that rely on web interfaces for user interaction. The incidents demonstrate that off‑chain components, such as domain name resolution, remain attractive targets for threat actors seeking to exploit trust in familiar URLs.
Preventive Recommendations
Security experts generally advise users to employ bookmark links, verify SSL certificates, and consider using hardware wallets that require manual transaction signing. Platforms are urged to implement DNSSEC, multi‑factor authentication for registrar accounts, and continuous monitoring of DNS records to detect unauthorized changes promptly.
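The record monitoring recommended above can be as simple as comparing what resolvers return against a pinned baseline. The sketch below is an added example, not code from either platform. The domain names, addresses, and the injected `lookup` function are constructed assumptions; in production, `lookup` would issue real DNS queries through several independent resolvers.

```python
from typing import Callable, Dict, FrozenSet, List, Tuple

RecordKey = Tuple[str, str]                   # (name, record type)
Lookup = Callable[[str, str], FrozenSet[str]]  # hypothetical injected resolver

# NS/DS changes are ranked highest: whoever serves the zone (or alters the
# DNSSEC delegation) controls every other record beneath it.
SEVERITY = {"NS": "critical", "DS": "critical", "A": "high", "AAAA": "high", "CNAME": "high"}
ORDER = {"critical": 0, "high": 1, "medium": 2}

def normalize(value: str) -> str:
    """Lowercase and drop the trailing root dot so equal names compare equal."""
    return value.strip().lower().rstrip(".")

def detect_drift(baseline: Dict[RecordKey, FrozenSet[str]], lookup: Lookup) -> List[dict]:
    """Return one finding per record set that differs from the baseline."""
    findings = []
    for (name, rtype), expected in sorted(baseline.items()):
        want = {normalize(v) for v in expected}
        seen = {normalize(v) for v in lookup(name, rtype)}
        if seen != want:
            findings.append({"name": name, "rtype": rtype,
                             "severity": SEVERITY.get(rtype, "medium"),
                             "added": sorted(seen - want),
                             "removed": sorted(want - seen)})
    return sorted(findings, key=lambda f: ORDER[f["severity"]])

# Constructed sample data (reserved example domains and documentation IPs).
BASELINE = {
    ("dex.example", "NS"): frozenset({"ns1.registrar.example.", "ns2.registrar.example."}),
    ("dex.example", "A"): frozenset({"192.0.2.10"}),
    ("app.dex.example", "CNAME"): frozenset({"Frontend.cdn.example."}),
}
OBSERVED = {  # what a resolver would return after a simulated hijack
    ("dex.example", "NS"): frozenset({"ns1.other.example", "ns2.other.example"}),
    ("dex.example", "A"): frozenset({"203.0.113.66"}),
    ("app.dex.example", "CNAME"): frozenset({"frontend.cdn.example"}),
}

def sample_lookup(name: str, rtype: str) -> FrozenSet[str]:
    return OBSERVED.get((name, rtype), frozenset())

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, sample_lookup):
        print(finding)
```

The CNAME entry produces no finding because it differs from the baseline only in letter case and the trailing dot, which keeps the alert stream limited to real changes.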
This report is based on information from Web3 Is Going Great, licensed under Creative Commons Attribution 3.0 (CC BY 3.0). Analysis provided by Web3 Is Going Great.