DNS Attack Knocks Top DEX Protocols Offline - Smart Contracts Remain Secure

The crypto industry just received another reminder that even the most decentralized applications still rely on centralized components — and that those weak points can be exploited.

Key Takeaways:

The attack on Aerodrome and Velodrome targeted their web domains, not their smart contracts or user funds.
Both exchanges redirected users to decentralized front-ends after their centralized domains were compromised.
The incident highlights that Web3 platforms remain vulnerable when Web2 infrastructure — like DNS — is exploited.

Early Saturday, two of the largest decentralized exchanges in the Optimism Superchain ecosystem, Aerodrome on Base and Velodrome on Optimism, found themselves dealing with a threat that didn’t target their smart contracts or liquidity, but something far simpler: their websites.

A Web2 Weak Link in a Web3 World

The disruption didn’t emerge from on-chain vulnerabilities. Liquidity pools, staking contracts, and user funds remained fully secure. Instead, attackers took control of the Domain Name System layer, redirecting visitors from the real webpages to an imitation interface designed to trick users.

Anyone typing the correct URLs could still land on a malicious landing page — a classic Web2 exploit wrapped around a Web3 service.

To avoid exposing users to the malicious interface, both teams instructed traders to access the DEXs through decentralized mirrors and browser-safe alternatives rather than the official domain.

The Hijack Was Brief — But Not Without Implications

By Saturday afternoon, the fake front-end stopped loading. Velodrome briefly reached out publicly to its domain provider, My.box, before deleting the request. Neither team issued additional comments by publication time.

Investigations are ongoing, and there is no confirmation yet on whether the attacker responsible for the weekend incident is the same type of threat actor from a similar event in November 2023, when a DNS compromise caused losses of more than $100,000, according to blockchain tracer ZachXBT.

New Era, Old Attack Surface

Despite their dominance in the borrowing-and-lending markets of the Optimism Superchain, both platforms still depend on Web2 infrastructure — a core contradiction of the current decentralized economy. Smart contracts may be bulletproof, but if the entry point to them can be rerouted, attackers don’t need to touch the blockchain at all.

The Unification Backdrop

The attack arrives at a pivotal moment. Dromos Labs, the team behind Velodrome, has been preparing to merge the two major DEXs into a single entity called Aero.

Set to debut in Q2 2026, Aero will consolidate both platforms and their tokens into a single AERO token, designed to represent the full productive output of the unified exchange. The transition is expected to reduce fragmentation and increase liquidity — and now, likely, to demand hardened domain and access security.

Bigger Than a Weekend Hack

Neither Aerodrome nor Velodrome lost funds. Contract security held. But the event showed that centralized website infrastructure remains one of the most effective attack vectors against decentralized protocols.
To users, the takeaway may be uncomfortable but essential: even in Web3, the safest route to DeFi is not always the most convenient one.