Back

EasyDNS Faces First Social Engineering Attack Resulting in eth.limo Hijack

Severity: Medium (Score: 51.1)

Sources: Panewslab, Theblock.Co

Summary

On April 17, 2026, the Ethereum Name Service gateway eth.limo was hijacked via a social engineering attack against domain registrar EasyDNS. An attacker impersonated an eth.limo team member, convincing EasyDNS to initiate an account recovery process. This allowed the attacker to change eth.limo's nameservers twice, but due to DNSSEC protections, the attack was mitigated, preventing any user impact. EasyDNS CEO Mark Jeftovic acknowledged this as the company's first successful social engineering breach in 28 years. The incident raised alarms as a potential hijack of a wildcard DNS record could have redirected traffic for approximately 2 million .eth domains. Vitalik Buterin warned users to avoid eth.limo URLs during the incident. EasyDNS plans to migrate eth.limo to a service that does not allow account recovery to enhance security. The situation was resolved by the morning of April 18, 2026. Key Points: • EasyDNS experienced its first social engineering attack in 28 years, leading to a brief hijack of eth.limo. • The attacker impersonated an eth.limo team member to manipulate EasyDNS into changing nameservers. • DNSSEC prevented the hijack from affecting users, with no reported impact on the 2 million domains.

Key Entities

  • Phishing (attack_type)
  • Aerodrome (company)
  • Domainsure (company)
  • EasyDNS (company)
  • Ethereum Name Service (company)
  • Eth.limo (company)
  • T1566 - Phishing (mitre_attack)
  • IPFS (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed