-
Aerodrome warns users over a suspected front-end security breach.
-
Centralized domains remain compromised; two decentralized mirrors still safe to access.
Aerodrome Finance, a leading decentralised exchange on the Base blockchain, recently warned about a possible breach involving its frontend and is currently investigating the situation. The team has urged users to avoid accessing the platform through any domain until they fully assess the situation.
Centralized Domains Hit, Decentralized Mirrors Stay Safe
The Aerodrome team confirmed that its centralised domains, including the .finance and .box addresses, are still compromised. The team notes that two decentralised mirror sites are currently safe to access: Aero.drome.eth.limo and Aero.drome.eth.link.
Update: centralized domains (.finance and .box) remain compromised. Please do not use either domain for now.
Two decentralized mirrors remain safe to use:https://t.co/7U8yRQs1Lihttps://t.co/mnbqM27GdSAll smart contracts remain secure.We’ll provide further updates as the… https://t.co/1VPGDnq10L— Aerodrome (@AerodromeFi) November 22, 2025
Aerodrome says its smart contract infrastructure appears secure. More updates will be shared as the investigation continues. Velodrome Finance has also reported a similar issue, suggesting the possibility of a wider attack.
Over $1M Drained in Under an Hour
One user reported that an exploit affecting Aerodrome and Velodrome resulted in more than $1 million being stolen in less than an hour.
Update on @AerodromeFI – $AERO @VelodromeFI – $VELO ⚠️ EXPLOIT
Over $1.000.000 stolen in under an hour…Please do not attempt to use any #Aerodrome domains!Aerodrome will provide further updates as the investigation progresses on our telegram channel https://t.co/YnOJs5bbPY pic.twitter.com/RvdH1MLmRm— cryptomourn (@cryptomourn) November 22, 2025
While another user notes that he visited the site before the warning was issued, and although the user did not approve any transactions, the attack was severe. A simple signature request was quickly followed by attempts to gain unlimited approvals to drain their NFTs, ETH, and USDC.
Co-founder Slams Mocking Amid DNS Attack
Alexander Cutler, the co-founder of Aerodrome and the CEO of Dromos Labs, called out another builder for mocking the project during the DNS hijacking incident.
He notes that the decentralised domains were unaffected, 3DNS was protected by a multisig, and multiple top security teams are still trying to understand the issue, and it was not an issue from the team’s end.
“The first rule of building in DeFi is that you don’t use exploits to dunk on other builders, especially for something like a DNS hijacking that is almost always out of a team’s control,” he said, calling the behaviour unprofessional.
The first rule of building in DeFi is that you don’t use exploits to dunk on other builders — especially for something like a DNS hijacking that is almost always out of a teams control — this is absolutely unbecoming behavior from a founder. https://t.co/4Iwr3QoIfC
— alexander (@wagmiAlexander) November 22, 2025
Hackers Get Faster, More Aggressive
A new Global Ledger report shows how crypto hackers are getting faster than ever.
More than $3 billion was stolen in early 2025, and in many cases, attackers laundered the money within minutes, sometimes even before anyone realised a hack had happened.
Centralised exchanges remain a major point of pressure. About 15% of laundered funds passed through CEXs, and compliance teams often have only a few minutes to react. With CEXs responsible for over half of all losses this year, the report stresses that real-time monitoring is now essential.
