On November 29, 2023, Aerodrome and Velodrome, central trading and liquidity marketplaces on Base and Optimism, respectively, were compromised in a suspected DNS attack. According to reports, over $70,000 was stolen through the attack and sent to different addresses.
Velodrome is one of the largest liquidity hubs on Optimism mainnet, managing over $138 million in total locked value. Aerodrome is a bit younger, given than Base Blockchain, launched recently, and has $63 million in total locked value.
On-chain sleuth ZachXBT noticed that about $70,000 was moved following the breach. He followed the transfer to two distinct addresses:
Address 1: https://etherscan.io/address/0x02BA13f39D7df9C3F7592257b636eD6C7CC4ae78
Address 2: https://etherscan.io/address/0xf64fCEdFCe714Bbe835761e54D7067f2f8231443
The exploiter then used MixSwap to wash his stolen funds.
MixSwap is a DeFi banking application on the Binance Smart Chain (BSC). Among its numerous services is transaction mixing, which helps blockchain users who want to remain anonymous hide the flow of their crypto transactions. After hacks, criminals usually siphon funds through many exchanges, but on-chain analysts can still track them. Crypto mixers are the only real way they can get away with it.
Velodrome released an announcement on November 30, 2023, reassuring their users that they were in control and were resolving the situation.
This goes to show the value that Velodrome brings to the blockchain space. Details of the hack are still coming in, and the bounty will hopefully help fish out the perpetrator quickly.