•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Ethereum Name Service gateway eth.limo said the domain hijacking reported on Friday was the result of a social engineering attack aimed at EasyDNS, its domain name service provider. In a postmortem published on Saturday, eth.limo said the attacker impersonated a team member to trigger an account recovery process with EasyDNS, which granted access to the eth.limo account and enabled changes to domain settings.
According to eth.limo, the attacker altered the domain’s NS (nameserver) records and redirected them to Cloudflare. Once eth.limo determined that a DNS hijack had occurred, it said it notified the community and Vitalik Buterin and began contacting EasyDNS to address the incident.
eth.limo described its service as a Web2 bridge that provides access to around 2 million decentralized websites using the .eth domain name. It said hijacking the service could enable an attacker to redirect users to malicious websites.
Vitalik Buterin warned users on Friday to avoid his blog until the incident was resolved. In its own postmortem report, EasyDNS CEO Mark Jeftovic publicly accepted responsibility, saying, “We screwed up and we own it.” He added that the incident would be the first successful social engineering attack against an EasyDNS client in its 28-year history, noting that there have been “countless attempts.”
Both eth.limo and EasyDNS pointed to the Domain Name System Security Extension (DNSSEC) as a factor that helped prevent further harm. Jeftovic said the attacker could not produce valid cryptographic signatures, so DNS resolvers rejected the forged DNS responses. As a result, users reportedly saw error messages rather than being redirected to malicious sites.
Jeftovic said DNSSEC was enabled for the eth.limo domain when attackers attempted to change nameservers, “presumably to effect some manner of phishing or malware injection attack.”
EasyDNS said it is still conducting a postmortem to determine how the breach occurred and has begun rolling out changes to prevent a recurrence. Jeftovic described the social engineering attack as “highly sophisticated.”
For eth.limo specifically, EasyDNS said it will be migrating the service to Domainsure. Jeftovic said Domainsure’s security posture is more suited to “enterprise and high-value fintech domains,” and noted that “there is no mechanism for an account recovery on Domainsure, it’s not a thing.”
Jeftovic also issued an apology to the eth.limo team and the wider Ethereum community, saying ENS has “always had a special place” in EasyDNS’s work as the first registrar to enable ENS linking to Web2 domains and that it has been involved in the space since 2017.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
