NameSilo Hack Consequences: Aerodrome and Velodrome Prepare Detailed Report
Date: 2025-11-25 Author: Henry Casey Categories: BUSINESS
Decentralized protocols Aerodrome and Velodrome have disclosed details of a recent incident involving the compromise of their centralized domain names. The attack occurred on November 21, 2025, when the domains of both platforms were changed so that visitors were redirected to fake web pages created by the attackers. The following day, the project teams confirmed the front-end disruption and recommended completely suspending use of the web versions until all circumstances are clarified.
According to preliminary investigation results, the key element of the attack was an internal vulnerability in the NameSilo registrar. Project representatives noted that an insider was able to bypass 3DNS security mechanisms, disable DNSSEC, and reroute to malicious domains. This move allowed the attackers to create phishing pages on which users unwittingly signed fraudulent transactions.
The teams noted that despite the compromised frontends, MetaDEX's on-chain infrastructure and decentralized interfaces continued to function without interruption. The rapid response of security partners—Blockaid, 0xGroomLake, SEAL, and FTI Consulting—allowed for the threat to be quickly contained. According to their data, popular wallets such as Metamask and Coinbase Wallet began displaying warnings about the potential threat within two minutes of the first suspicious transaction.
Full remediation of the attack took less than four hours, including updating settings and restoring the infrastructure. Nevertheless, the damage was significant: users signed up for approximately $700,000 on phishing pages before the attackers' activity ceased completely.
Following the incident, the Aerodrome and Velodrome teams announced they would not be returning their domains to the previous infrastructure. They are currently working with corporate registrars and cybersecurity experts to prepare to transfer the domains to a more secure system. The migration is scheduled to be completed soon.
It was also reported that users will be able to launch dApp versions of the services in a fully autonomous mode in the future, including operation through private networks and their own RPC nodes. At the same time, Aero and Velo Foundations are developing a special grant program for victims of malicious transaction signing.
The incident is yet another reminder of the risks of centralized DNS infrastructure for the DeFi sector. A similar compromise of the Aerodrome and Velodrome web interfaces occurred in 2023, highlighting the systemic nature of the threat. Following the attack, the Aerodrome Finance (AERO) token saw its value drop by almost six percent in a day, lagging the market.
