EasyDNS Suffers Social Engineering Attack, Briefly Hijacking eth.limo Domain

Severity: Medium (Score: 54.8)

Sources: Cointelegraph, Panewslab, Theblock.Co, Mexc

Summary

On April 17, 2026, the Ethereum Name Service gateway eth.limo was briefly hijacked due to a social engineering attack against its domain registrar, EasyDNS. An attacker impersonated a team member to initiate an account recovery process, allowing them to change the domain's nameservers to Cloudflare and then to Namecheap. This incident triggered automated alerts that alerted the eth.limo team, who quickly responded. The attack was mitigated by DNSSEC, which prevented the attacker from redirecting traffic to malicious sites. EasyDNS acknowledged this as its first successful social engineering breach in 28 years, and both companies reported no user impact. EasyDNS CEO Mark Jeftovic accepted responsibility and announced that eth.limo would migrate to Domainsure, which lacks an account recovery mechanism. Vitalik Buterin warned users to avoid eth.limo links during the incident, confirming the situation was resolved the following day. Key Points: • The eth.limo domain was hijacked through a social engineering attack on EasyDNS. • DNSSEC prevented further damage by rejecting the attacker's forged DNS responses. • EasyDNS will migrate eth.limo to a service without account recovery options to enhance security.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• Aerodrome (company)
• CoW Swap (company)
• Domainsure (company)
• EasyDNS (company)
• Ethereum Name Service (company)
• CWE-287 - Improper Authentication (cwe)
• Financial (industry)
• T1098 - Account Manipulation (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Dnssec (platform)
• IPFS (platform)