The Base and Optimism platforms woke up on Nov. 22 to find their front ends hijacked, sending unsuspecting users straight into malicious look-alikes designed to trick wallets into approving draining transactions.

Aerodrome Finance, the top decentralized exchange (DEX) on Base, and Velodrome Finance, Optimism’s leading DEX, stressed that smart contracts stayed untouched — the trouble was strictly at the domain level. The coordinated posts on X urged users to steer clear of all centralized URLs while the teams scrambled to get registrars under control.

Alerts began rolling out around 10:30 p.m. Eastern time the day prior, with Aerodrome noting it had “a frontend compromise” and encouraging users to avoid all access points until further notice. By 6 a.m., the team confirmed that both .finance and .boxdomains remained unsafe and pointed traders to decentralized mirrors such as aero-drome.eth.limo.

Velodrome echoed the warnings, telling users to pause all interactions while investigators traced the root of the breach. Both protocols said they were working with their registrar partners, including My.box, to unwind the hijack. The phishing sites reportedly drained more than $1 million in under an hour, according to early onchain observations from community analysts.

Read more: Van Eck: Investors Shed Bitcoin Bracing for a Bearish 2026

While no protocol-level assets were touched, users who connected wallets to the spoofed sites reported rapid outflows to attacker-controlled addresses. Aerodrome’s roughly $400 million in total value locked (TVL) held steady, while Velodrome saw a modest dip to about $129 million amid the confusion.

The timing raised eyebrows: the breach hit just days after Dromos Labs unveiled a sweeping merger that folds Aerodrome and Velodrome into Aero, a consolidated liquidity hub spanning Base, Optimism, Ethereum, and Circle’s Arc chain. The unified AERO token will replace both ecosystems’ native assets once the new platform goes live next year. Still, no evidence ties the hijack to the merger, and other protocols on Base or Optimism have not reported similar issues.

Teams for both DEXes emphasized that ENS-based mirrors remained safe, repeatedly reminding users to revoke suspicious approvals and stay tuned for updates. As of Nov. 23, investigations were ongoing, centralized domains remained offline, and the community was applauding quick communication — even if frustrated that DNS remains a soft spot in decentralized finance (DeFi).

• What caused the Aerodrome and Velodrome outage?
  A DNS hijack redirected users from the official domains to phishing pages.
• Were funds inside the protocols affected?
  No, all smart contracts remained secure and losses stemmed only from users connecting to spoofed sites.
• How much was stolen during the incident?
  Early estimates suggest the phishing sites drained more than $1 million.
• Are there safe ways to access the platforms right now?
  Teams advised using verified ENS mirrors until centralized domains are fully restored.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。