The Aerodrome frontend compromise has put the Base network’s leading DEX under close scrutiny as users report being redirected to a suspicious DNS-hosted version of the site. Early complaints surfaced when individuals navigating to Aerodrome’s official domain unexpectedly landed on a look-alike 3DNS page displaying a large green “Send Funds” button, instantly raising concerns across the community. Aerodrome later confirmed that its centralized domains had been compromised, prompting a full investigation.

This incident has pushed many users to avoid interacting with any Aerodrome URLs until the team completes its review, reinforcing how dependent DeFi protocols still are on secure DNS infrastructure. The team maintains that its smart contracts remain safe, but the misleading frontend experience has caused understandable alarm within the Base ecosystem. In situations like these, users rely heavily on timely communication, and Aerodrome has continued to provide updates as its investigation progresses.

Users Report Redirects and Fake Interface Behavior

Reports began circulating when users attempting to access aerodrome.finance were redirected to a domain displaying a cloned Aerodrome interface. The page, hosted on a DNS-based service, showed a minimal layout, an unfamiliar wallet address, and a prominent green button labeled “Send Funds”. Multiple users immediately flagged the interface as suspicious due to its unusual design and lack of expected functionality.

Aerodrome later confirmed the issue publicly, stating it was dealing with a “frontend compromise” and urging the community not to access any URLs associated with the project, including its primary domains or decentralized mirrors, until the investigation concludes. This stance marked a temporary shift from earlier guidance reported in media coverage, where users were directed toward ENS-based alternatives. With the situation still unfolding, the team emphasized caution.

According to related reporting, the compromise stems from a suspected DNS hijacking attack that affected Aerodrome’s centralized domains. The malicious frontend reportedly attempted to solicit questionable signature requests and potential asset approvals, targeting ETH, NFTs, and stablecoins. While these details came from affected users and journalists, Aerodrome itself has not yet confirmed the full technical cause, keeping its focus on user safety and internal assessment.

The observations shared by users shows the deceptive interface displaying only limited domain information, a wallet address, and the suspicious transaction prompt.

Also read: MSCI Digital Asset Treasury Review Sparks Market Debate

Ongoing Investigation and Safety Measures

With the Aerodrome frontend compromise still under investigation, the protocol has repeatedly reassured users that all on-chain smart contracts appear unaffected. This distinction is important, as it suggests the issue is isolated to the centralized domain layer rather than the protocol’s underlying infrastructure.

Early warnings from community members and journalists highlighted phishing-style signature prompts and multi-asset approval requests on the hijacked interface. These reports indicate that attackers may have attempted to exploit inattentive users by introducing a harmless-looking initial signature followed by approval prompts designed to drain assets. While individual experiences vary, the pattern is consistent with known DNS hijack techniques that replace legitimate frontends with malicious replicas.

Aerodrome’s team has stated that updates will follow as soon as it can confirm safe access routes. Until then, users are advised to avoid all official URLs and refrain from interacting with any interface claiming to represent Aerodrome.

Learn more: Crypto Rug Pulls Explained: How to Identify and Avoid Them

A Critical Moment for User Vigilance and Web3 Security

This Aerodrome frontend compromise highlights the persistent risks tied to DNS-level exploits in decentralized finance. Even well-established protocols can face disruptions when centralized domain providers are targeted, creating opportunities for attackers to impersonate trusted services. As Aerodrome continues working through its investigation, the incident serves as a reminder for users to confirm transaction prompts carefully, avoid interacting with unfamiliar interfaces, and monitor official communication channels during fast-moving security events.

The team’s reassurance that smart contracts remain secure offers some stability, but safe access will only resume once the investigation is fully resolved. For now, the community remains attentive, waiting for confirmation that Aerodrome’s domains are restored and free from malicious control.