eth.limo domain hijack: EasyDNS confirms social engineering; DNSSEC limits harm

EasyDNS admitted a security failure that enabled a social engineering attacker to carry out an eth.limo domain hijack. The attacker impersonated an eth.limo team member to bypass EasyDNS account recovery, then changed eth.limo’s DNS settings to route through Cloudflare. In its post-mortem, eth.limo said it notified the community after the eth.limo domain hijack was detected and that it is not aware of confirmed user impact or fund losses. EasyDNS CEO Mark Jeftovic added that this was the first successful social engineering incident in the company’s 28-year history. A key mitigating factor was DNSSEC. EasyDNS said DNSSEC-aware resolvers rejected the forged DNS responses because the attacker lacked the required cryptographic signing keys, so users were more likely to see errors than be redirected to phishing sites. To reduce recurrence risk, EasyDNS is migrating eth.limo to Domainsure and removing the manual account-recovery pathway that was exploited. The report also points to a related incident: CoW Swap lost control of its domain for several hours after a social engineering attack against the .fi registry, with an estimated $1.2m impact. For ENS traders, this reinforces the need to monitor ENS-related access and reputational risk, even when DNSSEC limits blast radius.
Neutral
The eth.limo domain hijack is a security and infrastructure issue, not a direct protocol or token fundamental change for ETH. DNSSEC reportedly limited the damage to mostly resolver errors, reducing the likelihood of widespread user redirection or fund movement. EasyDNS’s planned migration to Domainsure should lower recurrence risk, which is positive for infrastructure credibility. Short term, heightened attention to ENS-related URLs and potential reputational spillovers could create mild volatility in liquidity or traffic surrounding ETH ecosystem services, but there is no confirmed user loss or direct impact to ETH pricing drivers. Long term, the incident reinforces the value of DNS security controls; however, market impact on ETH itself is likely limited unless additional confirmed large-scale incidents emerge—similar to the CoW Swap domain event cited.