Ethereum Co-Founder Vitalik Buterin has warned users to avoid all eth.limo domains after attackers compromised the gateway’s DNS registrar, exposing a core access layer used for Ethereum Name Service browsing.
The incident raised immediate security concerns across the Ethereum ecosystem and exposed ongoing reliance on centralized DNS infrastructure.
Buterin issued the warning on X shortly after the eth.limo team confirmed that attackers had hijacked its domain registrar account. Additionally, the team said it worked with partners to contain the breach. As a result, the compromise allowed potential traffic redirection across all *.eth.limo subdomains, including Ethereum-linked content accessed through standard browsers.
DNS registrar attack exposes Web3 weak point
eth.limo is a gateway for translating Ethereum Name Service names to HTTPS sites via open source software. This means that individuals can view distributed content on regular web browsers without having to run IPFS nodes. However, the platform relies on centralized DNS providers, which become one of its external dependencies.
The attackers hijacked the eth.limo registrar’s account and rerouted the requests for all subdomains. They were able to redirect the traffic to websites meant to imitate ENS data. For instance, Vitalik Buterin’s blog and other ENS-based pages became susceptible to the attack.
Web3 front-end risks and rising exploit trends
This incident is part of an escalating trend of front-end and DNS-based attacks targeting the decentralized finance (DeFi) sector. Recently, CowSwap also faced DNS spoofing and was compelled to halt APIs and front-end operations. The cybersecurity firm, Blockaid, detected a case of malicious routing and recommended revoking wallet permissions from users.
Attackers tend to use frontend services to launch an attack. Fraudulent websites can mimic the appearance of legitimate software and prompt users to perform malicious actions. This type of attack presents financial security risks even when the back end is protected.
Earlier DeFi exploits highlight the scale of ongoing vulnerabilities. Cream Finance lost nearly $19 million in a 2021 reentrancy attack.Â
Crypto-related losses reached $4.04 billion in 2025, according to PeckShield. Additionally, exploits made up 66% of total losses, while scams also increased sharply. As the underlying blockchain technology becomes harder to breach, infrastructure flaws, DNS spoofing, and social engineering remain the primary drivers of global crypto security breaches.Â
Also Read: Zcash Developers Patch Four Vulnerabilities in Dual Node Implementations
