eth.limo DNS Hacked, Vitalik Buterin Issues Urgent Warning

Show AI Summary

Ethereum’s reliance on centralized DNS infrastructure poses significant security risks to the ecosystem

The eth.limo domain compromise exposes a weak point in Web3, affecting distributed content accessibility

The incident is part of a rising trend of front-end and DNS-based attacks targeting the decentralized finance sector

Ethereum Co-Founder Vitalik Buterin has warned users to avoid all eth.limo domains after attackers compromised the gateway’s DNS registrar, exposing a core access layer used for Ethereum Name Service browsing.

The incident raised immediate security concerns across the Ethereum ecosystem and exposed ongoing reliance on centralized DNS infrastructure.

Buterin issued the warning on X shortly after the eth.limo team confirmed that attackers had hijacked its domain registrar account. Additionally, the team said it worked with partners to contain the breach. As a result, the compromise allowed potential traffic redirection across all *.eth.limo subdomains, including Ethereum-linked content accessed through standard browsers.

The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit https://t.co/2EcsFBZY0b or other https://t.co/9nFLru9kS0 pages until they confirm that things are back to normal.

You can check my blog via IPFS directly…
— vitalik.eth (@VitalikButerin) April 18, 2026

DNS registrar attack exposes Web3 weak point

eth.limo is a gateway for translating Ethereum Name Service names to HTTPS sites via open source software. This means that individuals can view distributed content on regular web browsers without having to run IPFS nodes. However, the platform relies on centralized DNS providers, which become one of its external dependencies.

The attackers hijacked the eth.limo registrar’s account and rerouted the requests for all subdomains. They were able to redirect the traffic to websites meant to imitate ENS data. For instance, Vitalik Buterin’s blog and other ENS-based pages became susceptible to the attack.

Web3 front-end risks and rising exploit trends

This incident is part of an escalating trend of front-end and DNS-based attacks targeting the decentralized finance (DeFi) sector. Recently, CowSwap also faced DNS spoofing and was compelled to halt APIs and front-end operations. The cybersecurity firm, Blockaid, detected a case of malicious routing and recommended revoking wallet permissions from users.

Attackers tend to use frontend services to launch an attack. Fraudulent websites can mimic the appearance of legitimate software and prompt users to perform malicious actions. This type of attack presents financial security risks even when the back end is protected.

Earlier DeFi exploits highlight the scale of ongoing vulnerabilities. Cream Finance lost nearly $19 million in a 2021 reentrancy attack.

Crypto-related losses reached $4.04 billion in 2025, according to PeckShield. Additionally, exploits made up 66% of total losses, while scams also increased sharply. As the underlying blockchain technology becomes harder to breach, infrastructure flaws, DNS spoofing, and social engineering remain the primary drivers of global crypto security breaches.

Also Read: Zcash Developers Patch Four Vulnerabilities in Dual Node Implementations

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!