•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
A domain hijacking incident targeted the Ethereum Name Service (ENS) gateway eth.limo late Friday evening after an adversary manipulated EasyDNS personnel through social engineering, according to an update from the eth.limo team. The attackers briefly changed eth.limo’s DNS settings to redirect traffic to infrastructure controlled by other providers, but the changes were reversed. DNSSEC helped contain the incident, and the team reported no user impact.
The malicious actor initiated a fraudulent account recovery procedure with EasyDNS at 7:07 p.m. Eastern on April 17, impersonating legitimate eth.limo personnel. By 2:23 a.m. Eastern on April 18, the attacker had modified eth.limo’s nameserver configuration to point toward Cloudflare infrastructure. A second nameserver modification redirected traffic to Namecheap at 3:57 a.m. Eastern.
Legitimate account control was restored to the authentic eth.limo operators at 7:49 a.m. Eastern, ending approximately five hours of unauthorized access.
The eth.limo platform acts as a bridge between standard web browsers and ENS addresses. The service supports approximately 2 million .eth domains, including the personal website of Ethereum co-creator Vitalik Buterin at vitalik.eth.limo.
Had the hijack succeeded fully, the perpetrator could have redirected visitors across any .eth domain to malicious phishing infrastructure. Buterin issued warnings on Friday advising his audience to temporarily avoid all eth.limo URLs and instead access content through IPFS.
In its incident analysis, the eth.limo team said the attacker did not obtain eth.limo’s DNSSEC cryptographic signing keys. Without those keys, the attacker could not generate authentically signed DNS responses.
DNS resolver systems validating the modified nameserver data detected discrepancies with legitimate cryptographic records. Instead of routing users to attacker-controlled destinations, resolvers generated failure notifications.
The eth.limo team stated it is not aware of any user impact at this time. Buterin later verified on Saturday that the situation was resolved.
EasyDNS CEO Jeftovic released a personal statement titled “We screwed up and we own it.” He described the incident as the first successful social engineering penetration against any EasyDNS customer in the company’s nearly three-decade operating history.
Jeftovic said it would be the first successful social engineering attack against an EasyDNS client in its 28-year history, noting that there had been “countless attempts.” He also emphasized that no additional EasyDNS customers were compromised during the incident.
The eth.limo domain will migrate to Domainsure, an EasyDNS-affiliated platform intended for enterprise and high-security clients. The Domainsure architecture is designed to exclude account recovery functionality, removing the specific vulnerability vector exploited in this attack.
Jeftovic said EasyDNS continues investigating the precise method used by the attacker.
The incident adds to a broader pattern of DNS hijacks affecting decentralized finance infrastructure. In November 2025, DNS hijacks targeting decentralized exchanges Aerodrome and Velodrome led to more than $700,000 stolen from users after attackers compromised registrar NameSilo and stripped DNSSEC protections from those domains.
The eth.limo gateway has resumed normal operations under authorized team management.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
