Aerodrome is warning users of a suspected front-end security breach.
Centrally managed domains remain compromised. The two distributed mirrors are still securely accessible.
Aerodrome Finance, a leading decentralized exchange on the Base blockchain, recently warned of a possible breach involving its front end and is currently investigating the situation. The team urges users to avoid accessing the platform via the domain until the situation is fully assessed.
Centralized domains come under attack, but distributed mirrors stay safe
The Aerodrome team confirmed that centralized domains, including .finance and .box addresses, are still being compromised. The team says it can now safely access two distributed mirror sites: Aero.drome.eth.limo and Aero.drome.eth.link.
Update: Centralized domains (.finance and .box) remain compromised. Please do not use either domain at this time.
The two distributed mirrors are still safe to use: https://t.co/7U8yRQs1Lihttps://t.co/mnbqM27GdS
All smart contracts remain secure.
We will keep you informed of the latest information… https://t.co/1VPGDnq10L
— Aerodrome (@AerodromeFi) November 22, 2025
Aerodrome says its smart contract infrastructure appears to be secure. Further updates will be shared as the investigation continues. Velodrome Finance has also reported similar issues, indicating the possibility of a broader attack.
More than $1 million leaked in less than an hour
One user reported that an exploit affecting an airfield and velodrome stole more than $1 million in less than an hour.
Latest information on @AerodromeFI – $AERO @VelodromeFI – $VELO ⚠️ EXPLOIT
Over $1 million was stolen within an hour…
Don’t use the #Aerodrome domain.
The airfield will provide further updates as the investigation progresses on its Telegram channel https://t.co/YnOJs5bbPY pic.twitter.com/RvdH1MLmRm
— cryptomourn (@cryptomourn) November 22, 2025
Another user said he had visited the site before the warning was issued and did not authorize the transaction, but the attack was severe. A simple signature request was immediately followed by an attempt to obtain unrestricted approval to drain NFTs, ETH, and USDC.
Poster denounces mockery amid DNS attack
Alexander, a core Aerodrome contributor and CEO of Dromos Labs, accused another builder of mocking the project during the DNS hijacking incident.
He noted that no distributed domains were affected, that 3DNS was protected by multisig, that multiple top security teams were still working to understand the issue, and that it was not an issue on their part.
“The first rule when building in DeFi is to not use exploits to dunk other builders, especially for things that are mostly out of the team’s control, like DNS hijacking.””, calling the conduct unprofessional.
The first rule when building in DeFi is not to use exploits to dunk other builders. This is absolutely inappropriate behavior for a founder, especially when it comes to something like DNS hijacking, which is mostly out of the team’s control. https://t.co/4Iwr3QoIfC
— Alexander (@wagmiAlexander) November 22, 2025
Hackers are getting faster and more aggressive
A new Global Ledger report shows that cryptocurrency hackers are moving faster than ever.
More than $3 billion was stolen in early 2025, often with attackers laundering the money within minutes, and in some cases without anyone even realizing the hack had occurred.
Centralized exchanges remain under great pressure. Approximately 15% of laundered funds pass through CEX, and compliance teams often only have minutes to respond. With CEX accounting for more than half of all losses this year, the report highlights that real-time monitoring is essential.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
