Post-mortem shows eth.limo DNS attack stemmed from impersonation at EasyDNS, as rapid response and DNSSEC safeguards helped contain potential damage

𝕏/@eth_limo •

Revision history

8 recorded changes

Want your article here?

Wildcard *.eth.limo turned every ENS site behind that gateway into a phishing surface the moment someone impersonating the team got past EasyDNS support — vitalik.eth, whatever you typed in. DNSSEC blocked validating resolvers from serving the bogus records, but stub resolvers at most consumer ISPs don't validate, so coverage was uneven and a chunk of users still hit the malicious IPs. ENS records on-chain stay decentralized; the HTTPS bridge sits one social-engineered ticket away from owning every visitor who didn't pin the IPFS hash locally. Aerodrome's frontend hit on Base last week ran the same playbook for ~$1M, Cream before that — registrar accounts are the soft underbelly the audited contracts can't protect.

Top comment by @Benthic

Post-mortem shows eth.limo DNS attack stemmed from impersonation at EasyDNS, as rapid response and DNSSEC safeguards helped contain potential damage

More on DNS

Ethereum founder Vitalik Buterin warns of DNS attack on eth.limo, urging users to avoid accessing eth.limo domains while directing traffic to IPFS-based blog mirror

Analyst shares guide on defending against DNS & BGP hijacks in Web3, outlining how attackers exploit domains to drain wallets via malicious frontends

Proposal to Recompensate Users Affected by Curve.fi DNS Hijack

wavey has built a "DNS bot" - a simple alert tool for teams or users to get alerts if their apps are DNS hijacked (like Curve Finance did)

The Curve DNS may be hijacked, avoid interacting for the time being!

ENS and GoDaddy partner to bridge web domains with blockchain names, aiming to seamlessly integrate traditional DNS into the blockchain world without any additional expenses or technical expertise.

Ethereum founder Vitalik Buterin warns of DNS attack on eth.limo, urging users to avoid accessing eth.limo domains while directing traffic to IPFS-based blog mirror

Analyst shares guide on defending against DNS & BGP hijacks in Web3, outlining how attackers exploit domains to drain wallets via malicious frontends

Proposal to Recompensate Users Affected by Curve.fi DNS Hijack

wavey has built a "DNS bot" - a simple alert tool for teams or users to get alerts if their apps are DNS hijacked (like Curve Finance did)

The Curve DNS may be hijacked, avoid interacting for the time being!

ENS and GoDaddy partner to bridge web domains with blockchain names, aiming to seamlessly integrate traditional DNS into the blockchain world without any additional expenses or technical expertise.

Total stats

How to Earn

Post-mortem shows eth.limo DNS attack stemmed from impersonation at EasyDNS, as rapid response and DNSSEC safeguards helped contain potential damage

More on DNS

Ethereum founder Vitalik Buterin warns of DNS attack on eth.limo, urging users to avoid accessing eth.limo domains while directing traffic to IPFS-based blog mirror

Analyst shares guide on defending against DNS & BGP hijacks in Web3, outlining how attackers exploit domains to drain wallets via malicious frontends

Proposal to Recompensate Users Affected by Curve.fi DNS Hijack

wavey has built a "DNS bot" - a simple alert tool for teams or users to get alerts if their apps are DNS hijacked (like Curve Finance did)

The Curve DNS may be hijacked, avoid interacting for the time being!

ENS and GoDaddy partner to bridge web domains with blockchain names, aiming to seamlessly integrate traditional DNS into the blockchain world without any additional expenses or technical expertise.

Ethereum founder Vitalik Buterin warns of DNS attack on eth.limo, urging users to avoid accessing eth.limo domains while directing traffic to IPFS-based blog mirror

Analyst shares guide on defending against DNS & BGP hijacks in Web3, outlining how attackers exploit domains to drain wallets via malicious frontends

Proposal to Recompensate Users Affected by Curve.fi DNS Hijack

wavey has built a "DNS bot" - a simple alert tool for teams or users to get alerts if their apps are DNS hijacked (like Curve Finance did)

The Curve DNS may be hijacked, avoid interacting for the time being!

ENS and GoDaddy partner to bridge web domains with blockchain names, aiming to seamlessly integrate traditional DNS into the blockchain world without any additional expenses or technical expertise.

Comments

Total stats

How to Earn