Aerodrome, the largest decentralized exchange (DEX) on the Ethereum Layer 2 network Base, reported a suspected front-end compromise on Saturday, November 22. In the early hours of the weekend, the project disclosed that it is investigating an attack and asked users to avoid their centralized domains.
For context, a DNS hijack allows an attacker or bad actor to manipulate the Domain Name System (DNS) in order to redirect users from a legitimate website to a malicious one. In essence, this compromise redirected users of the Base-native Aerodrome to a fraudulent website on Wednesday.
It appears that the problem with the decentralized exchange might have stemmed from its domain provider. Earlier in the day, Aerodrome went on the X platform to inform Web3 domain provider My.box that its infrastructure had likely been compromised and to reach out to them.
Interestingly, this latest DNS hijack comes roughly two years after a similar attack affected the ability of users to access both decentralized exchanges in November 2023. Blockchain detective ZachXBT, at the time, estimated the loss from the 2023 attack at about $100,000.
The timing of this DNS attack is rather interesting, especially as Dromos Labs, the development company behind the Base-native Aerodrome and Optimism-based Velodrome, recently disclosed plans to consolidate both protocols into a trading hub called “Aero.”
This development will also unify the protocols’ existing tokens into the single AERO token, Dromos further revealed. The Aero trading hub is expected to launch first on the Ethereum mainnet and Circle’s Arc blockchain in the second quarter of 2026.
