Velodrome and Aerodrome Suffer Dual Frontend Hacks in 3 Days 

The attackers created malicious clones of the Velodrome and Aerodrome websites, compromising user wallets and assets.

Velodrome getting hacked on a plane.
Created by Kornelija Poderskytė from DailyCoin
  • DeFi protocols Velodrome and Aerodrome suffered major database attacks.
  • The cyberattacks compromised the protocols’ websites and resulted in losses for investors.
  • An investigation to unveil the tracks of the exploiters is underway.

The ongoing Bitcoin rally has spurred a bullish trend for the cryptocurrency industry, marking financial gains and recoveries for investors. However, where financial fortunes are made, opportunities emerge for malicious actors who lurk in the shadows, waiting for the perfect opportunity to strike. 

The latest to feel their burn are decentralized protocols VelodromeFi and AerodromeFi, which suffered two major security failures within a brief period.

VelodromeFi and AerodromeFi Hacked 

In a December 3 report, liquidity marketplaces Velodrome and Aerodrome announced that their database service providers had suffered major security failures, compromising their front-end servers.  

Sponsored

The disclosure came on the heels of two separate reports on November 29 and December 2, where both platforms independently revealed incidents of a Domain Name System (DNS) attack, targeting their official website links with the primary objective of overtaking control.

The perpetrators gained unauthorized control of the account holding both protocols’ domain names through a social engineering attack on the registrar. They bypassed the platforms’ 2FA and other security measures, gaining access to change the domains’ nameservers and diverting legitimate traffic to malicious clones of the Velodrome and Aerodrome websites.

The faulted websites prompted users to connect their wallets and sign transactions to pre-specified wallets on multiple chains, resulting in the staggering loss of $250,000 for affected Velodrome and Aerodrome users.

The DeFi protocols have since launched investigations and opened a bounty program in collaboration with Arkham Intelligence to trace the attackers, offering rewards for information on the attack and its perpetrators.

Despite the weight of the Velodrome and Aerodrome attacks, they represent merely a fraction of the cyberattacks that have plagued the crypto industry throughout the year.

The 2023 Cyber Onslaught

From blockchain networks to DeFi protocols and exchanges, 2023 witnessed a surge in hacks and scams, resulting in losses surpassing $920 million.

Highlighting some of the most notable hacks this year, Mixin Kernel suffered a cyber attack in which $200 million in liquid assets were siphoned. 

In addition, cryptocurrency exchange Poloniex suffered a cyber heist on November 10, resulting in the loss of $100 million across several accounts.

DeFi protocol KyberSwap was hacked for approximately $47 million on November 23 after a cyber attacker breached its database in a flash loan exploit. The protocol has since been engaged in intense negotiations with the perpetrator in an effort to recover the stolen funds.

On the Flipside

  • The frequency of cyberattacks on both VelodromeFi and AerodromeFi within a brief period raises concerns about potential incompetencies in the protocols’ structures.
  • The notorious North Korean-linked hacker group Lazarus has stolen over $3 billion from the crypto industry in the past six years.
  • Crypto entities are devising new means to facilitate asset recoveries, including engaging in open negotiations with perpetrators.

Why This Matters

The coordinated frequency of cyber attacks on the cryptocurrency industry emphasizes the existing security vulnerabilities within the ecosystem. It underscores the need for strengthened security measures to safeguard investors and entities from additional losses.

Find out more on the ongoing BTC surge:
Bitcoin (BTC) Breaches $40,000 Price Level Over Weekend

Ark Invest is diversifying its portfolio amid the ongoing market rally. Read more:
Ark Invest Dumps $15M Worth of Coinbase Shares

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Grace Abidemi

Grace is a crypto reporter for DailyCoin, covering a diverse range of market updates. Grace has minor holdings in Bitcoin & Solana, and moderate holdings in Rune & XRP.

Read more