Decentralized finance (DeFi) platforms Velodrome and Aerodrome frontends have been compromised twice in three days. The exploit resulted in a loss of funds and a decline in the total value of assets locked in the Velodrome.
On November 29, both platforms reported their first incidents of front-end compromises. These DeFi protocols urged users not to interact with their platforms until the investigation is complete.
Domain provider issues with Velodrome and Aerodrome
Velodrome and Aerodrome have created an intelligence bounty on Arkham Intelligence to find information that could help identify the attackers. Investigation later revealed that the exploit was the result of a social engineering attack against the domain provider. The DeFi platform shared the information on November 30 and restored the original domain on December 1.
However, hours after the restoration, attackers targeted the domain provider again, prompting Velodrome and Aerodrome to urge users not to use the protocol again.
“It appears our supplier has been exploited again. Please do not interact with our front end,” Velodrome said.
Read more: Identifying and Navigating Risks in DeFi Lending Protocols
As of press time, the domain has been restored. Nonetheless, the DeFI protocol is now looking to change providers to avoid a recurrence of the incident.
“The domain has been reinstated and is locked at the TLD level until transferred to a new provider,” Velodrome and Aerodrome said.
Velodrome Finance operates as an optimism-based automated market maker. Aerodrome is a fork of the Coinbase-backed layer 2 network and the largest decentralized exchange.
Total value locked due to front-end attacks declines
Data from DeFiLlama shows that successive attacks on the front ends of Velodrome and Aerodrome have impacted usage and TVL. In fact, the Velodrome’s TVL has fallen by more than $10 million since events began on November 29, hitting a record low of $129 million at press time.
Aerodrome, on the other hand, saw its TVL increase by about $5 million despite being hit the same way.
Read more: Top 6 DeFi Lending Platforms
There are indications that some users of these platforms have lost their funds due to these attacks, despite repeated warnings. For example, on-chain detective ZachXBT identified two addresses where approximately $40,000 in funds were stolen in a front-end attack.
Meanwhile, phishing scammers are reportedly taking advantage of the incident by creating fake verified accounts promising compensation to affected users.
disclaimer
In compliance with Trust Project guidelines, BeInCrypto is committed to unbiased and transparent reporting. These news articles aim to provide accurate and timely information. However, before making any decisions based on this content, readers are encouraged to check the facts and consult with experts.