Overview
- The hijack, which unfolded early Saturday, lasted about five hours before EasyDNS restored the eth.limo account at 7:49 a.m. EDT.
- Attackers posed as an eth.limo team member to trigger manual account recovery at the registrar and gain control of nameserver settings.
- DNSSEC checks blocked unsigned responses from the attacker, so many users saw errors instead of being sent to fake sites and no losses are known.
- EasyDNS CEO Mark Jeftovic apologized and said this was the company’s first successful social engineering breach in 28 years, and the domain is moving to Domainsure, which has no manual recovery.
- Eth.limo serves as a web gateway for roughly 2 million .eth addresses, including Vitalik Buterin’s blog, in a sector seeing similar registrar attacks such as CoW Swap’s April 14 takeover tied to about $1.2 million in losses.