Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | - | - | - | - | 0 |
Fixed | 3 | 1 | - | - | 4 |
Total | 3 | 1 | 0 | 0 | 4 |
Click to show description
Quick Summary Velodrome DEX on Optimism chain was exploited due to a DNS attack, resulting in a loss of 42,000 USD. Details of the Exploit Velodrome, a decentralized trading protocol on the Optimism chain, experienced a DNS attack on November 29, 2023. The frontend was compromised, and users were urged not to interact with the platform. The Velodrome team regained control of their domain after a social engineering attack on their provider. However, the provider was exploited again, and the frontend was compromised a second time. The domain was eventually restored and locked at the TLD level. The stolen funds, totaling 42,000 USD, were distributed among multiple addresses and deposited into KuCoin. Block Data Reference Attacker Addresses: https://optimistic.etherscan.io/address/0xf64fCEdFCe714Bbe835761e54D7067f2f8231443 https://optimistic.etherscan.io/address/0x02BA13f39D7df9C3F7592257b636eD6C7CC4ae78 KuCoin Deposit Transactions: https://etherscan.io/tx/0xf51eac8b8ac04eae9212f02250f05cb02f95ccc9316b5f2469272420f2ca3e64 https://etherscan.io/tx/0x8ac2654b5526b4f9448529390f6679ada8b3dc7816525c9b7b9d8d46c3dc509e https://optimistic.etherscan.io/tx/0x607d00b8d3170407aafbb1bc45336a629d4304acfbc5a6eec8d5e455000c670e
# | Name | Auditor | Date | Chains | Issues |
---|---|---|---|---|---|
1 | Slipstream Dynamic Fee | ChainSecurity | 2025/01/13 | Off-Chain (Private) | No active critical issues |
2 | Epoch Governor | ChainSecurity | 2025/01/13 | Off-Chain (Private) | No active critical issues |
3 | Superchain Slipstream | ChainSecurity | 2024/11/13 | Off-Chain (Private) | No active critical issues |
4 | Velodrome Superchain Intero... | ChainSecurity | 2024/11/07 | Off-Chain (Private) | No active critical issues |
5 | Superchain diff | ChainSecurity | 2024/11/05 | Off-Chain (Private) | No active critical issues |