Articles
Ethereum

Hackers impersonated eth.limo team to hijack its domain: Post-mortem

User Image

โดย ไม่ระบุชื่อ

สร้างแล้ว April 20, 2026|อ่านใน 2 นาที
Main Image

EasyDNS CEO Mark Jeftovic said the social engineering attack was highly sophisticated and the company is conducting further investigation to determine how the breach occurred.

Ethereum Name Service gateway eth.limo has revealed that the domain hijacking on Friday was caused by a social engineering attack directed against EasyDNS, its domain name service provider. 

According to a postmortem published by eth.limo on Saturday, an attacker impersonated one of its team members to initiate an account recovery process with easyDNS, granting access to the eth.limo account and allowing them to alter domain settings.

“The NS records were changed and directed to Cloudflare… Once we understood that a DNS hijack had taken place, we immediately notified the community as well as Vitalik Buterin and others. We then began contacting EasyDNS in an attempt to respond to the incident,” the company said.

Eth.limo serves as a Web2 bridge, providing access to around 2 million decentralized websites using the .eth domain name. Hijacking the service could allow an attacker to redirect users to malicious websites. Ethereum co-founder Vitalik Buterin warned users Friday to avoid his blog until the incident was resolved.

Mark Jeftovic, CEO of easyDNS, has publicly accepted responsibility for the incident in its own postmortem report. 

“We screwed up and we own it,” said Jeftovic on Saturday. 

Both companies have pointed to the Domain Name System Security Extension (DNSSEC) in thwarting the hacker’s attempts to do further damage. 

The attacker couldn’t produce valid cryptographic signatures, so Domain Name System resolvers rejected the attacker’s forged DNS responses, causing users to see error messages instead of being redirected to malicious sites. 

“DNSSEC was enabled for their domain when the attackers attempted to flip their nameservers, presumably to effect some manner of phishing or malware injection attack, DNSSEC-aware resolvers, which most are these days, began dropping queries,” Jeftovic said. 

In its postmortem, eth.limo noted that because the attacker lacked the signing keys, they were unable to bypass the safeguards, which likely “reduced the blast radius of the hijack. We are not aware of any user impact at this time. We will provide updates if that changes.”

Jeftovic described the social engineering attack as “highly sophisticated,” and said easyDNS is still conducting a post-mortem on how the breach occurred, and has already begun rolling out changes to prevent a recurrence.

“In eth.limo’s case, we will be migrating them to Domainsure, which has a security posture more suited toward enterprise and high-value fintech domains, TLDR there is no mechanism for an account recovery on Domainsure, it’s not a thing,” he added.

“On behalf of everyone here, I apologize to the eth.limo team and the wider Ethereum community. ENS has always had a special place in our heart as the first registrar to enable ENS linking to web2 domains and we’ve been involved in the space since 2017.”

Related: RaveDAO denies manipulation as Binance, Bitget probe RAVE trading activity

The eth.limo incident is the latest in a series of domain hijackings targeting crypto projects. Days earlier, decentralized exchange aggregator CoW Swap lost control of its website after an unknown party hijacked its domain. 

Steakhouse Financial, a DeFi advisory and research firm, similarly disclosed at the end of March that it had lost control of its domain to an attacker.

Magazine: Will the CLARITY Act be good — or bad — for DeFi?

Source: CoinTelegraph


บทความอื่นๆที่เผยแพร่เมื่อเร็วๆนี้

Bitcoin’s BIP 110 fork deadline nears with miner support at zero
Bitcoin’s BIP 110 fork deadline nears with miner support at zero

Bitcoin

The BIP 110 proposal would cap arbitrary data on Bitcoin for a year, but Saylor, Adam Back and other...

Empery Digital shares rise after selling Bitcoin to fund AI data center project
Empery Digital shares rise after selling Bitcoin to fund AI data center project

Bitcoin

The sales come months after a major Empery shareholder demanded the firm ditch its Bitcoin treasury ...

Bitcoin bulls Michael Saylor, Adam Back slam BIP-110 Ordinals proposal
Bitcoin bulls Michael Saylor, Adam Back slam BIP-110 Ordinals proposal

Bitcoin

The ongoing debate comes despite a broad downturn in Ordinals transaction activity over the last two...

Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera
Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera

Crypto Market Analysis

Bonzo Lend lost approximately $9.05 million after an attacker exploited a verification flaw in a thi...

AI found an Ethereum bug that could take validators offline, but humans had to prove it
AI found an Ethereum bug that could take validators offline, but humans had to prove it

Ethereum

The Ethereum Foundation pointed coordinated AI agents at the software its validators run and got a r...

Bitcoin treasury company Empery Digital sold about half of its BTC stack
Bitcoin treasury company Empery Digital sold about half of its BTC stack

Bitcoin

It's a sign of the times as the troubled company swaps its bitcoin treasury ambitions for AI data ce...