Prior exploit count

Aerodrome Finance's assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

3 distinct frontend/DNS incidents: 2023-11-28 (~$40K-$100K, Porkbun registrar), 2023-12-02 (same Porkbun attack class, second event), 2025-11-21 (~$700K, NameSilo insider). No smart-contract exploits. Yellow: multiple incidents with no full user recovery (2023 = no refund; 2025 = grant program announced, unconfirmed disbursement). Red requires â‰¥2 or any unrecovered loss â€” threshold met on count, but frontend-only nature with partial 2025 remediation lands yellow.

Sources #

URL
Velodrome, Aerodrome websites compromised for second time in daysThe Block â€” second Aerodrome/Velodrome frontend attack Dec 2023retrieved 2026-05-04
URL
Velodrome, Aerodrome hit by attack on front-end websitesThe Block â€” first Aerodrome/Velodrome frontend attack Nov 2023retrieved 2026-05-04
URL
Explained: The Aerodrome Finance Hack (November 2025)Halborn â€” Explained the Aerodrome Finance Hack November 2025retrieved 2026-05-04
URL
Aerodrome and Velodrome Published Report on NameSilo HackIncrypted â€” Aerodrome/Velodrome NameSilo hack report (2025-11-21 post-mortem summary)retrieved 2026-05-04

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-077 score yellow collected_at 2026-05-04 19:56:03