What happened in the eth.limo domain hack?

The eth.limo domain was hijacked after an attacker used social engineering to gain access to its EasyDNS account. The attacker changed DNS settings, potentially allowing users to be redirected to malicious sites before the issue was contained.

How did the hacker gain control of the eth.limo domain?

The attacker impersonated a team member and initiated an account recovery process with EasyDNS. This allowed them to bypass normal access controls and take control of the domain’s name server settings.

Who is responsible for the eth.limo breach?

EasyDNS accepted responsibility for the incident, with CEO Mark Jeftovic stating it was the first successful social engineering attack against one of its clients. The breach was caused by human-targeted manipulation rather than a technical exploit.

Why is eth.limo important to the crypto ecosystem?

eth.limo acts as a Web2 gateway for Ethereum Name Service (ENS) domains, enabling access to around two million .eth websites. This makes it a critical bridge between traditional internet infrastructure and decentralised web services.

Were users affected by the eth.limo hack?

There is no confirmed user impact so far. Security measures prevented the attacker from successfully redirecting users to malicious websites, limiting the damage.

How did DNSSEC help prevent further damage?

DNSSEC (Domain Name System Security Extensions) blocked the attacker’s fake DNS responses because they lacked valid cryptographic signatures. This caused many systems to reject the malicious data, preventing phishing or malware redirection.

Why did Vitalik Buterin warn users during the incident?

Vitalik Buterin warned users to avoid affected services as a precaution while the domain was compromised. This helped reduce the risk of users interacting with potentially unsafe content.

What changes is EasyDNS making after the breach?

EasyDNS is strengthening its security processes and plans to migrate eth.limo to a more secure system that removes account recovery options. This reduces the risk of similar social engineering attacks in the future.

Eth.limo hack traced to social engineering breach

Written by Heidi Cuthbert Published Apr. 20 2026

Ethereum Name Service gateway eth.limo said its domain hijack was caused by a social engineering attack targeting its domain provider EasyDNS, allowing an attacker to gain account access and alter DNS records.

The attacker impersonated a team member to trigger an account recovery process, redirecting the domain’s name server records before the breach was identified and mitigated.

“We screwed up and we own it,”

Said Mark Jeftovic, confirming the incident marked the first successful social engineering attack against an EasyDNS client.

The hijack briefly raised concerns as eth.limo acts as a Web2 gateway to around two million .eth domains, meaning compromised access could have redirected users to malicious websites.

However, both eth.limo and EasyDNS said Domain Name System Security Extensions (DNSSEC) prevented further damage by blocking invalid cryptographic signatures, limiting the attack’s impact.

Ethereum co-founder Vitalik Buterin had earlier warned users to avoid affected services until the issue was resolved.

EasyDNS said it is implementing stronger security measures, including migrating eth.limo to a more secure system without account recovery features, as crypto-related domain hijacks continue to rise.

At the time of reporting, Ethereum price was $2,284.30.