In a concerning turn of events for the decentralized finance (DeFi) community, Velodrome and its fork Aerodrome experienced back-to-back compromises to their front-end interfaces, resulting in financial losses and a notable decline in Total Value Locked (TVL) on Velodrome.
The first incident, reported on November 29, prompted both platforms to issue warnings to users, advising against any interactions with their front-ends until investigations were completed. An intelligence bounty on Arkham Intelligence was initiated to gather information on the attackers. Subsequent investigations revealed that the compromise stemmed from a social engineering attack on the platforms’ domain provider.
After resolving the issue and restoring their original domains on December 1, Velodrome and Aerodrome encountered a second attack on their domain provider just hours later. The protocols promptly advised users to refrain from using the platforms once again. While the domains have been restored, the DeFi protocols are now exploring a shift to a new domain provider to prevent future occurrences.
Velodrome Finance, functioning as an Optimism-based automated market maker, experienced a significant drop in TVL, plummeting by over $10 million since the first incident. In contrast, Aerodrome, despite suffering the same attack, saw a rise of approximately $5 million in its TVL.
Data from DeFiLlama indicates the tangible impact of the attacks on user activity and TVL. However, amidst the warnings, there are indications that some users fell victim to the exploits. On-chain investigator ZachXBT identified addresses that received approximately $40,000 in stolen funds from the front-end attack.
Compounding the situation, phishing scammers are reportedly capitalizing on the incident by creating fake verified accounts, promising compensation to affected users. This raises additional concerns about the broader implications of the attacks, extending beyond immediate financial losses to potential long-term threats to user trust and confidence in DeFi platforms.
As the investigation continues and Velodrome and Aerodrome consider changing their domain provider, the DeFi community remains on high alert, emphasizing the need for robust security measures to safeguard user funds and maintain the integrity of decentralized financial systems.