BlockBeats news, on April 20, according to The Block, the Ethereum Name Service (ENS) gateway eth.limo was briefly compromised at its domain registrar on Friday evening. In a post-incident analysis report released on Saturday, the project team stated that the incident resulted from a social engineering attack.
According to the post-incident report and another blog post published by Mark Jeftovic, at 7:07 PM Eastern Time on April 17, the attacker impersonated an eth.limo team member and tricked the domain registrar EasyDNS into initiating an account recovery process.
The timeline shows that at 2:23 AM on April 18, the attacker switched the domain name servers for eth.limo to Cloudflare, triggering an automatic downtime alert and alerting the eth.limo team. At 3:57 AM, the domain name servers were then switched to Namecheap. Finally, EasyDNS restored the team’s account access at 7:49 AM.
eth.limo is a free, open-source reverse proxy service that allows users to access content linked to Ethereum Name Service and hosted on IPFS, Arweave, or Swarm by appending ".limo" to any .eth domain in a standard web browser. According to data cited by EasyDNS, its wildcard DNS record *.eth.limo covers approximately 2 million .eth domains registered through ENS.