Velodrome and Aerodrome DeFi Hacks: What Happened?
Decentralized finance (DeFi) platforms Velodrome and Aerodrome had their front-ends hacked twice in three days. The exploitation resulted in financial loss and a reduction in the total value of the assets locked up at the velodrome.
In the year On November 29, the two platforms reported the first incident, stating that their facade had been damaged. These DeFi protocols have urged users not to connect to the platform until investigations are completed.
Velodrome and aerodrome domain provider issues
Velodrome and Aerodrome created an intel bounty on Arkham Intelligence, seeking information that would help identify the attackers. Later tests revealed that the exploit was caused by a social engineering attack on their domain provider. DeFi platforms shared the information on November 30th and restored their original domains on December 1st.
However, a few hours after the restoration, attackers again targeted the domain provider, prompting Velodrome and Aerodrome users to not use the protocols again.
“It looks like our provider has been exploited again. Please do not contact our front-end,” Velodrome said.
Read more: Identifying and exploring risks in DeFi lending protocols
As of press time, the domains have been restored. Still, DeFI protocols want to switch providers now to avoid a repeat of the incident.
Velodrome and Aerodrome “The domain has been reclaimed and locked at the TLD level pending a new provider.”
Velodrome Finance operates as an automated market maker based on Optimism. Aerodrome is a fork and the largest decentralized exchange on the Coinbase-backed layer-2 network Base.
Total value locked waterfall following front-end attacks
Data from DeFiLlama shows that the back-to-back attack in front of the velodrome and aerodrome has affected their use and TVL. In fact, the Velodrome TVL event started in 2011. In the year It has fallen more than $10 million since its November 29 launch to press time, reaching a low of $129 million.
On the other hand, Aerodrome saw TVL television cost $5 million despite the same attack.
Read more: Top 6 DeFi Lending Platforms
There are indications that some users of these platforms have lost their money due to these attacks despite repeated warnings. For example, on-chain sleuth ZachXBT identified two addresses that received around $40,000 in stolen funds from a front-end attack.
Meanwhile, phishers are reportedly taking advantage of the incident by creating fake verified accounts that promise to compensate affected users.
Disclaimer
Adhering to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This newsletter aims to provide accurate and up-to-date information. However, readers are advised to independently verify facts and consult with experts before making any decisions based on this content.
