Aerodrome Finance, the leading decentralized exchange (DEX) on Base’s blockchain network, suffered a DNS hijacking attack targeting its centralized domains (`.finance` and `.box`). The breach exposed users to sophisticated phishing attempts via malicious signature requests designed to drain wallets of NFTs, ETH, USDC, and WETH through unlimited approval prompts. While the team confirmed that smart contracts remained secure, the frontend compromise allowed attackers to deploy deceptive interfaces—first tricking users into signing a harmless-looking message (e.g., the number '1'), then instantly triggering drain transactions. Users who failed to scrutinize approvals risked losing their entire wallet balances. Aerodrome responded by shutting down compromised domains and directing users to decentralized mirrors (ENS-based URLs) while investigating the incident. The attack leveraged vulnerabilities in Box Domains’ infrastructure, suggesting a broader, coordinated threat against DeFi platforms. No confirmed losses were quantified in the report, but the exploit aligns with phishing-driven asset drainage, a high-risk vector in DeFi security.