Blockaid
Blockaid
VELO+3.28%
AERO-1.77%
BTC-1.03%
ETH+0.03%
A DNS attack rerouted Aerodrome's frontend to a drainer. ↓ Blockaid detected the compromise in real time and prevented ~$3.5M in theft.
Aerodrome
Aerodrome
On November 21st, the centralized domains of both Velodrome and Aerodrome were hijacked and directed to malicious content. This attack was caught and mitigated quickly with the support of our security partners — and a plan for how to move forward is now ready. 👇
On November 21, Aerodrome and Velodrome experienced a DNS attack that modified the SOA, NS, and A records for “aerodrome . finance” and “velodrome . finance”. The changes redirected both domains to a cloned frontend serving Eleven Drainer code.
Gallery 1
Blockaid was the first to detect the compromise, report it to Aerodrome, and inform its Customer Data Network, based on the UTC timeline below: → 20:11 DNS records changed, redirecting both domains to a spoofed UI → 21:31 Blockaid detects malicious transactions across its customer network → 21:32 Blockaid classified the domain as malicious across its customer network → 22:07 First Aerodrome user report arrives, pointing to malicious code on the domain → 22:40 Nameservers are replaced as remediation begins
A great example of Blockaid’s Customer Data Network effect: Once the domain was classified as malicious, partnered wallets, including @MetaMask, @coinbase, @Ledger, @Trezor, @rainbowdotme, and @FireblocksHQ, immediately surfaced warnings to users engaging with @AerodromeFi.
Gallery 1
During the incident, Blockaid surfaced early warnings to 408 end users connecting their wallet to Aerodrome’s frontend and another 491 end users actively signing transactions, preventing roughly $3.5M in funds from being drained. Blockaid traced the attacker’s onchain behavior, identifying nine addresses tied to $700K in stolen funds. These losses came from wallet end users outside of our network, who we could not inform.
Gallery 1
Incidents like this show how much risk lives outside the protocol. Frontend and DNS layers need the same level of detection and protection.
Sourced fromtwitter
1.32K
12
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.