Aerodrome Finance, a leading decentralized exchange on Coinbase’s Base network with $400 million in total value locked, was targeted in a front-end attack late Friday, prompting urgent warnings for users to avoid its primary domains.

The incident appears to be a DNS hijacking of Aerodrome’s centralized domains, which allowed attackers to reroute users to lookalike phishing sites designed to trick them into signing malicious wallet transactions to separate them from their funds. Users are advised to instead rely on Aerodrome’s decentralized domains. Aerodrome has asked My.box, the domain provider, to contact them over a potential exploit of their systems.

These attacks do not compromise the underlying smart contracts, which manage user funds and protocol logic on-chain. At the time of writing, it’s unconfirmed whether the attack has led to any losses or how many users have been affected. Liquidity pools and protocol treasuries remain intact, according to Aerodrome.

Aerodrome's team has been posting real-time updates on X, urging users not to access the compromised domains, aerodrome.finance and aerodrome.box, and instead use decentralized ENS mirrors like aero.drome.eth.limo. To reduce risk, the team recommends revoking recent token approvals using tools like Revoke.cash and avoiding signing any transactions from unverified domains.

New attack

Aerodrome has experienced similar front-end attacks before, including two in late 2023 that resulted in approximately $300,000 in user losses.

This latest attack comes just days after Aerodrome announced a merger with Velodrome, consolidating liquidity across Base and Optimism under the new “Aero” ecosystem. Despite the disruption, the AERO token price remained stable at around $0.67, up 2% over the last 24 hours.

The investigation is ongoing.