EasyDNS Suffers Social Engineering Attack, Briefly Hijacking eth.limo Domain

EasyDNS Suffers Social Engineering Attack, Briefly Hijacking eth.limo Domain

First seen 20 Apr 2026, 07:59 UTC Theblock.CoPanewslabCointelegraphMexcCryptonews+1 91% similarity 54.8

Article Content

Browse articles
ThreatCluster

On April 17, 2026, the Ethereum Name Service gateway eth.limo was briefly hijacked due to a social engineering attack against its domain registrar, EasyDNS. An attacker impersonated a team member to initiate an account recovery process, allowing them to change the domain's nameservers to Cloudflare and then to Namecheap. This incident triggered automated alerts that alerted the eth.limo team, who quickly responded. The attack was mitigated by DNSSEC, which prevented the attacker from redirecting traffic to malicious sites. EasyDNS acknowledged this as its first successful social engineering breach in 28 years, and both companies reported no user impact. EasyDNS CEO Mark Jeftovic accepted responsibility and announced that eth.limo would migrate to Domainsure, which lacks an account recovery mechanism. Vitalik Buterin warned users to avoid eth.limo links during the incident, confirming the situation was resolved the following day.

Key Points: • The eth.limo domain was hijacked through a social engineering attack on EasyDNS. • DNSSEC prevented further damage by rejecting the attacker's forged DNS responses. • EasyDNS will migrate eth.limo to a service without account recovery options to enhance security.

ThreatCluster AI

Timeline

2026-04-17
Attacker impersonates eth.limo team member to initiate account recovery.
2026-04-18
Nameservers changed to Cloudflare at 2:23 a.m. EDT.
2026-04-18
Nameservers switched to Namecheap at 3:57 a.m. EDT.
2026-04-18
EasyDNS restores account access at 7:49 a.m. EDT.
2026-04-19
EasyDNS and eth.limo publish post-mortems on the incident.
2026-04-20
Vitalik Buterin confirms the issue is resolved.

Community

Browse all →