Vitalik Buterin Warns Users After eth.limo DNS Hijack

Ethereum co-founder Vitalik Buterin warned users on April 18 to stop visiting any eth.limo URLs after the popular ENS gateway suffered a DNS registrar attack.

The eth.limo team confirmed the compromise minutes later, stating its domain had been hijacked and that it was working with all involved parties to fix the problem.

What Happened to eth.limo

Eth.limo is a free, open-source gateway that lets users access Ethereum Name Service (ENS) content through standard web browsers. It translates ENS names into HTTPS URLs, allowing anyone to visit decentralized websites without running an IPFS node.

The attacker gained control of eth.limo’s account at its domain registrar. This gave them the ability to redirect all traffic on the wildcard *.eth.limo domain, potentially exposing visitors to phishing pages or malware.

Buterin shared a direct IPFS link to his personal blog as a safe alternative and asked users to wait for an all-clear from the eth.limo team before resuming normal access.

“The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit vitalik.eth.limo or other eth.limo pages until they confirm that things are back to normal,” wrote Buterin.

Decentralization’s Centralized Weak Spot

The incident highlights a recurring vulnerability in Web3 infrastructure. While ENS records and IPFS content remain decentralized and were not compromised, the DNS layer that connects them to traditional browsers still depends on centralized registrars.

Similar attacks have previously targeted DeFi protocols like Cream Finance and Aerodrome, both through registrar-level compromises.

Crypto phishing losses exceeded $4 billion in 2025, with frontend hijacks becoming an increasingly common attack vector.

No user fund losses have been confirmed so far. The eth.limo team has not yet issued an all-clear, and users should continue avoiding all *.eth.limo URLs until further notice.