Base and Optimism’s Top DEXs Suffer DNS Hijack in Repeat Attack Nearly Two Years Later

What Happened to Aerodrome and Velodrome?

Aerodrome, the largest decentralized platform on Base, and Velodrome, the leading DEX on Optimism, suffered a front-end compromise ahead Saturday morning. Both teams confirmed their centralized domains were hit by a DNS hijack, redirecting users to malicious websites designed to mimic the platforms.

The DEXs warned users to avoid their normal URLs — including Velodrome.finance and Velodrome.box — and instead access decentralized mirror links. The fraudulent pages were live ahead in the day, but by Saturday later thannoon had stopped loading, suggesting a fix was underway.

Both projects emphasized that their smart contracts and on-chain liquidity remain unaffected. Only the user-facing front-end was compromised.

DNS hijacks allow attackers to alter domain records and redirect traffic to spoofed interfaces. For DEXs, this risk is severe: malicious front-ends can trick users into approving harmful transactions.

Investor Takeaway

Why This Attack Looks Familiar

Saturday’s incident mirrors a similar compromise on November 29, 2023, when both Aerodrome and Velodrome were taken down by a DNS-level attack. estimated losses above 100,000 dollars during that event and linked the compromise to domain registrar Porkbun, which suffered another attack days later.

The repetition raises concerns about DNS security across mid-tier Web3 infrastructure. While both DEXs operate highly , their reliance on traditional domain registrars exposes an attack surface outside the blockchain itself.

In the latest incident, Velodrome briefly posted that it was attempting to contact domain provider My.box for support, although the post was later deleted. Neither protocol has yet disclosed the root cause of the new hijack.

What This Means for Base and Optimism Users

Aerodrome is the dominant liquidity hub on Base, consistently ranking among the network’s highest-volume applications. Velodrome plays the identical role on Optimism, serving as a core liquidity layer for the broader Superchain ecosystem.

A successful DNS hijack against both platforms simultaneously is significant for several reasons:

• High user exposure: Both DEXs handle billions in .
• Cross-ecosystem impact: Many Base and Optimism protocols rely on these DEXs for routing, incentives and liquidity management.
• Repeat targeting: The similar attack pattern raises questions about vulnerabilities.

Despite the disruption, both DEXs reiterated that no on-chain components were affected. The compromise was limited to the hosted user interface.

Investor Takeaway

How the Attack Fits Into the Platforms’ Roadmap

The incident comes at a pivotal moment for both platforms. Dromos Labs, the team behind Velodrome, recently announced plans to unify Aerodrome and Velodrome into a single platform called Aero. The combined protocol is scheduled to launch in the second quarter of 2026.

The migration will also consolidate the existing tokens into one AERO token, which the team says will “serve as a claim on the productive capacity” of both platforms. Combining liquidity engines for Base and Optimism is expected to and position Aero as a unified trading layer across the Superchain.

The timing of the DNS attack — arriving as the networks prepare for deeper consolidation — adds further urgency to improving off-chain security. While smart contracts remain robust, administrative systems, hosting layers and registrars remain a recurring fragile point.

What Comes Next?

Both Aerodrome and Velodrome are working to restore full domain functionality, though neither has released a postmortem or technical breakdown. Restoring trust will require:

• Registrar hardening: Ensuring domain providers implement multi-factor authentication and DNSSEC.
• Front-end decentralization: Increasing reliance on IPFS, ENS, and permissionless hosting.
• User education: Reinforcing secure interaction practices during outages.

Until the official domains are stable, users should rely on decentralized mirror links or interact directly with verified contract addresses.

The incident underscores a broader reality across DeFi: even as on-chain security improves, off-chain interfaces remain one of the easiest points of attack. For major platforms preparing to merge and scale, securing these entry points is now essential.