Ethereum Name Service gateway eth.limo has revealed its domain was hijacked Friday due to a social engineering attack against its provider, EasyDNS. An attacker impersonated an eth.limo team member to initiate an account recovery with EasyDNS, gaining access to alter domain settings.
The NS records were changed, redirecting traffic. Eth.limo, which provides access to approximately 2 million .eth domain websites, notified the community, including Vitalik Buterin, who advised users to avoid his blog until the incident was resolved.
EasyDNS CEO Mark Jeftovic accepted responsibility, calling it the first successful social engineering attack against an EasyDNS client in 28 years. Both companies highlighted that DNSSEC, a security extension, thwarted further damage. The attacker could not produce valid cryptographic signatures, causing DNS resolvers to reject forged responses and display error messages instead of redirecting users to malicious sites.
EasyDNS is migrating eth.limo to Domainsure, a provider with enhanced security for high-value fintech domains, which lacks an account recovery mechanism. This incident follows similar domain hijackings targeting crypto projects like CoW Swap and Steakhouse Financial.