Ethereum co-founder Vitalik Buterin publicly issued a warning after a DNS registrar attack struck eth.limo, a leading gateway for Ethereum Name Service (ENS) domains. The incident, which surfaced on April 18, prompted Buterin to urge users to refrain from visiting any eth.limo-powered pages until the threat is fully resolved.
eth.limo breach threatens key ENS infrastructure
eth.limo is a major infrastructure provider that routes access to over 17,000 ENS domains and handles between one and 1.5 million daily requests. This scale makes it a critical entry point for Ethereum-linked content and apps.
The breach occurred after attackers compromised eth.limo’s DNS registrar, allowing them to potentially redirect visitors to malicious sites. Such attacks enable theft of credentials or crypto assets by mimicking legitimate sites.
As soon as eth.limo’s team became aware of the breach, they contacted Buterin directly. In response, he announced the platform should be considered unsafe until developers confirm it is secure again.
Vitalik Buterin is one of Ethereum’s original creators and widely regarded as a thought leader on smart contracts and decentralized technology. His statements often prompt quick action across the Ethereum ecosystem due to his influence and technical credibility.
temporary solutions and ongoing risks
While the attack remains unresolved, Buterin has recommended accessing his official blog and other content via InterPlanetary File System (IPFS) links, which route outside traditional DNS infrastructure. This workaround bypasses compromised registrars.
For example, Buterin’s blog can still be accessed through its IPFS URL, ensuring readers avoid any potential redirects resulting from the DNS hijack. This shift to decentralized web protocols highlights a growing recognition of blockchain-adjacent security challenges.
Buterin has previously called for heightened vigilance around off-chain risks, particularly those relating to centralized infrastructure like DNS services. The eth.limo attack directly demonstrates vulnerabilities that exist outside core blockchain layers.
user impact and status update
Although there were no confirmed cases of user funds being stolen at the time of the incident, DNS-level compromises typically operate quietly and can go undetected by most users. As a result, even without immediate financial loss, the risk remains significant until a full recovery is confirmed.
The eth.limo team continues to work to regain control of their domain registrar. Currently, no official timeline has been provided for the completion of recovery efforts and full restoration of safe service.
Vitalik Buterin has publicly cautioned users to avoid eth.limo resources for now, recommending that ENS users watch for an official green light from the platform before resuming normal activity.
Buterin emphasized to his followers that, “until the eth.limo team confirms resolution, users should not visit any eth.limo domain and should use IPFS as an alternative for now.”
