📅 November 22 | United States
The DeFi ecosystem has been shaken: two of the most important decentralized exchanges—Aerodrome and Velodrome—confirmed that their front-ends were compromised, according to The Block. The teams from both protocols issued urgent warnings for users to avoid their main domains, as the interfaces could be redirecting to malicious contracts capable of draining funds in seconds.
📖The teams behind Aerodrome and Velodrome confirmed that their front-ends —the web interfaces that allow users to interact with the protocol's contracts— were compromised. Although the technical details have not yet been fully revealed, the immediate priority was to warn users not to use official domains, as these could be temporarily controlled by attackers.
Aerodrome, considered the main DEX of Base, accumulates significant daily volumes and manages large liquidity pools. Velodrome, meanwhile, dominates in Optimism, one of the main L2 chains in the Ethereum ecosystem. The simultaneous nature of the attack is concerning because it suggests:
An exploit targeting web infrastructure.
A compromise of administrative access.
A broader social engineering attack at the hosting or DNS level.
The developers indicated that the smart contracts were not affected, meaning that the funds in the contracts remain safe as long as users do not interact with the compromised front-end. However, this does not eliminate the most immediate risk: if a user signs transactions from the compromised interface, they could be sending tokens directly to a wallet controlled by the hackers.
Both teams are working on verifying logs, recovering access, and restoring full control of the front-end. They also recommended using alternative interfaces, such as direct contract addresses or secure interaction platforms like Etherscan, but only for advanced users.
A persistent vulnerability in DeFi: even if contracts are secure and audited, front-ends remain weak points that can compromise millions with a single oversight. The incident also marks another dark chapter for high-volume DEXs, which in recent months have been targeted by DNS hijacking attacks, embedded phishing, and server compromises.
Topic Opinion:
What happened today demonstrates that even leading protocols can falter if they neglect aspects such as administrative access, DNS, hosting, or multi-signature verification in layers external to the contract.
💬 Do you think DEXs should adopt more decentralized infrastructures for their front-ends?
Leave your comment...
#CryptoNewss #defi #Aerodrome #Velodrome #Hack $VELODROME
