Aerodrome Finance Warns Users After Frontend Breach, Decentralized Mirrors Remain Safe

Highlights:

• Aerodrome Finance warned users after hackers attacked its main website system.
• Team says main centralized domains are compromised, but two decentralized mirror sites remain fully secure.
• Crypto thefts dropped in October, but new attacks still cause big risks. 

Aerodrome Finance, a major decentralized exchange on the Base blockchain, has alerted users to a potential breach involving its frontend. The platform’s team is actively investigating and has advised the community not to access any domain until the situation is fully understood. 

Aerodrome Central Domains Breached While Decentralized Mirrors Stay Secure

Reports confirm that the exchange’s centralized domains, including .finance and .box addresses, remain compromised. Team encouraged users to use only the safe decentralized mirror sites, Aero.drome.eth.limo and Aero.drome.eth.link, which are currently unaffected. The smart contract infrastructure in Aerodrome Finance appears to be safe, and updates are expected to be posted by the team as they continue their investigation. Another sister protocol, Velodrome, has also reported the same problem.

Update: centralized domains (.finance and .box) remain compromised. Please do not use either domain for now.

Two decentralized mirrors remain safe to use:https://t.co/7U8yRQs1Lihttps://t.co/mnbqM27GdS

All smart contracts remain secure.

We’ll provide further updates as the… https://t.co/1VPGDnq10L

— Aerodrome (@AerodromeFi) November 22, 2025

A user said the exploit on Aerodrome and Velodrome stole over $1 million in less than an hour. Another user said they encountered the malicious site before the warnings came out. The site carried out a tricky two-step attack. At first, the frontend asked for a simple signature that only showed the number “1,” just to connect the wallet. The user recorded the attack with screenshots and videos, showing how it went from the first signature request to multiple attempts to steal funds.

Update on @AerodromeFI – $AERO @VelodromeFI – $VELO ⚠️ EXPLOIT

Over $1.000.000 stolen in under an hour…

Please do not attempt to use any #Aerodrome domains!

Aerodrome will provide further updates as the investigation progresses on our telegram channel https://t.co/YnOJs5bbPY pic.twitter.com/RvdH1MLmRm

— cryptomourn (@cryptomourn) November 22, 2025

Alexander, Aerodrome’s core contributor and CEO of Dromos Labs, criticized a builder who mocked the project during the DNS hijack. He said the decentralized domains were safe, 3DNS was protected with a multisig, and top security teams are still investigating. The issue was not caused by the Aerodrome team. “The first rule of building in DeFi is that you don’t use exploits to dunk on other builders, especially for something like a DNS hijacking that is almost always out of a team’s control,” he said, calling such behavior unprofessional. 

The first rule of building in DeFi is that you don’t use exploits to dunk on other builders — especially for something like a DNS hijacking that is almost always out of a teams control — this is absolutely unbecoming behavior from a founder. https://t.co/4Iwr3QoIfC

— alexander (@wagmiAlexander) November 22, 2025

Crypto Thefts Fall 85% in October, But Threats Remain Strong

October saw crypto thefts drop sharply, with losses falling 85% compared to previous months. Analysts say better security across protocols helped, but attacks are still fast and aggressive. A Global Ledger report showed that over $3 billion was stolen in early this year. Centralized exchanges were a main weak point, handling about 15% of stolen funds, leaving teams very little time to respond. 

On October 30, Garden Finance reported a hack that stole more than $10 million from one solver. Without this, total losses for October would have been around $7.18 million. Typus Finance faced an oracle attack on October 15, losing about $3.4 million and causing its token to drop 35%. Abracadabra lost $1.8 million in MIM stablecoins after hackers bypassed solvency checks. Even with lower losses, experts warn that threats are evolving. Smaller hacks can still cause major damage if defenses are not strong.