Bitcoin
Bitcoin (BTC)
$74,959.00 -0.38986
Bitcoin price
Ethereum
Ethereum (ETH)
$2,302.49 -0.66785
Ethereum price
BNB
BNB (BNB)
$624.60 0.51534
BNB price
Solana
Solana (SOL)
$84.94 0.1014
Solana price
XRP
XRP (XRP)
$1.41 -0.72331
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.000006 0.05467
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000038 0.1607
Pepe price
Bonk
Bonk (BONK)
$0.0000061 1.46723
Bonk price
dogwifhat
dogwifhat (WIF)
$0.199189 -0.6404
dogwifhat price
Popcat
Popcat (POPCAT)
$0.058077 -3.45845
Popcat price
Bitcoin
Bitcoin (BTC)
$74,959.00 -0.38986
Bitcoin price
Ethereum
Ethereum (ETH)
$2,302.49 -0.66785
Ethereum price
BNB
BNB (BNB)
$624.60 0.51534
BNB price
Solana
Solana (SOL)
$84.94 0.1014
Solana price
XRP
XRP (XRP)
$1.41 -0.72331
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.000006 0.05467
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000038 0.1607
Pepe price
Bonk
Bonk (BONK)
$0.0000061 1.46723
Bonk price
dogwifhat
dogwifhat (WIF)
$0.199189 -0.6404
dogwifhat price
Popcat
Popcat (POPCAT)
$0.058077 -3.45845
Popcat price
Bitcoin
Bitcoin (BTC)
$74,959.00 -0.38986
Bitcoin price
Ethereum
Ethereum (ETH)
$2,302.49 -0.66785
Ethereum price
BNB
BNB (BNB)
$624.60 0.51534
BNB price
Solana
Solana (SOL)
$84.94 0.1014
Solana price
XRP
XRP (XRP)
$1.41 -0.72331
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.000006 0.05467
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000038 0.1607
Pepe price
Bonk
Bonk (BONK)
$0.0000061 1.46723
Bonk price
dogwifhat
dogwifhat (WIF)
$0.199189 -0.6404
dogwifhat price
Popcat
Popcat (POPCAT)
$0.058077 -3.45845
Popcat price
Bitcoin
Bitcoin (BTC)
$74,959.00 -0.38986
Bitcoin price
Ethereum
Ethereum (ETH)
$2,302.49 -0.66785
Ethereum price
BNB
BNB (BNB)
$624.60 0.51534
BNB price
Solana
Solana (SOL)
$84.94 0.1014
Solana price
XRP
XRP (XRP)
$1.41 -0.72331
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.000006 0.05467
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000038 0.1607
Pepe price
Bonk
Bonk (BONK)
$0.0000061 1.46723
Bonk price
dogwifhat
dogwifhat (WIF)
$0.199189 -0.6404
dogwifhat price
Popcat
Popcat (POPCAT)
$0.058077 -3.45845
Popcat price

EasyDns admits to security failure following eth.limo domain hijack

Rony Roy
Edited by
News
EasyDns admits to security failure following eth.limo domain hijack - 1

EasyDNS has confirmed that a security failure within its own systems allowed a social engineering attacker to briefly seize control of eth.limo, a primary gateway for the Ethereum Name Service.

Summary
  • An attacker impersonated an eth.limo team member to bypass account recovery protocols at easyDNS and gain control of domain settings.
  • DNSSEC safeguards prevented the redirection of users to malicious sites by rejecting forged responses that lacked valid cryptographic signatures.
  • EasyDNS is migrating the service to Domainsure to eliminate account recovery vulnerabilities and prevent future social engineering breaches.

The incident occurred on Friday when an attacker successfully impersonated an eth.limo team member to initiate an account recovery process, gaining the authority to modify name server records and redirect the domain to Cloudflare.

The eth.limo team, in a post-mortem published Saturday, stated that they immediately notified the community and prominent figures like Ethereum co-founder Vitalik Buterin once the DNS hijack was identified. 

Serving as a bridge for roughly 2 million decentralized websites, eth.limo is a high-stakes target because a successful compromise could allow hackers to divert users to malicious pages. Buterin himself issued an urgent warning on Friday, advising his readers to avoid his blog until the team could restore secure operations.

Security extensions prevent widespread impact

EasyDNS CEO Mark Jeftovic noted that the presence of Domain Name System Security Extension (DNSSEC) played a critical role in stopping the attacker from causing further damage. 

Because the hacker lacked the necessary cryptographic signing keys, modern DNS-aware resolvers rejected the forged responses, resulting in users seeing error messages rather than being funneled to phishing sites.

“We screwed up and we own it,” Jeftovic stated on Saturday, acknowledging that this was the first successful social engineering breach in the provider’s 28-year history.

The eth.limo developers highlighted in their own report that these safeguards likely reduced the “blast radius” of the hijack. While the service was disrupted, the team is currently unaware of any confirmed user impact or fund losses. 

Jeftovic added that eth.limo is now being migrated to Domainsure, an enterprise-grade platform that does not offer a manual account recovery mechanism, effectively closing the loophole exploited in this attack.

The latest incident is one of the many recent infrastructure attacks hitting the crypto sector. Only days earlier, on April 14, the decentralized exchange aggregator CoW Swap lost control of its domain for several hours following a similar social engineering attack against the .fi registry, leading to an estimated loss of $1.2 million from affected users.