Key Points
- •DNS hijacking on Aerodrome threatens user funds.
- •Base's largest DEX compromised, smart contracts remain secure.
- •Over $1 million stolen swiftly amid rapid responses.
Attack Details and Protocol Security
Aerodrome Finance, Base’s largest decentralized exchange, faced a major DNS hijacking, compromising its frontend and user funds. The attack highlights vulnerabilities in DeFi infrastructure, risking user assets worth millions, impacting market trust, and prompting immediate security reassessments across protocols. Aerodrome Finance, Base’s largest DEX, experienced a DNS hijacking attack, compromising its frontend. The attack put user funds at risk though the protocol’s smart contracts remained secure.
Emergency Response and User Guidance
The Aerodrome team promptly acted by investigating, issuing warnings, and shifting user access to decentralized ENS mirrors. They confirmed the hijack of .finance and .box domains, implementing an emergency lockdown. Aerodrome Finance stated: "Do not use aerodrome.finance or aerodrome.box. Use only aero.drome.eth.limo. Revoke recent approvals on Revoke.cash immediately."
Financial Impact and Market Reaction
The attack led to over $1 million in losses as malicious signature and token approval requests targeted ETH, USDC, NFTs, and WETH. Some users faced asset drains despite efforts to secure their holdings. Despite security measures, the financial impact was swift, disrupting normal staking and affecting liquidity provision behaviors. Governance tokens, including AERO, maintained stability post-attack.
Prevalence of DNS Hijacks and Systemic Risks
DNS hijacks like the Aerodrome incident have grown prevalent, echoing previous exploits, including those in 2023. Past attacks resulted in significant losses, indicating a systemic risk in DeFi platform frontends.
Expert Predictions and Historical Losses
Experts predict potential regulatory responses or shifts in infrastructure as platforms aim to enhance security. DNS hijacks have previously led to over $3 billion stolen, with on-chain laundering noted as a common outcome.