Ethereum (ETH) co-founder Vitalik Buterin urged users on Apr. 18 to avoid all eth.limo addresses after the ENS gateway's domain registrar was breached.

Eth.limo Gateway Breach

The attack hit eth.limo, a free open-source gateway that routes Ethereum Name Service content to standard web browsers. It converts ENS names into HTTPS links, letting users reach decentralized sites without running an IPFS node.

Attackers seized control of the team's registrar account. That access let them redirect traffic across the wildcard *.eth.limo domain, opening the door to phishing pages or malware for anyone who visited.

Buterin posted a direct IPFS link to his blog as a safe workaround. He also asked readers to wait for confirmation from the team before returning to any eth.limo page.

"The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit vitalik.eth.limo or other eth.limo pages until they confirm that things are back to normal," Buterin wrote.

The eth.limo team confirmed the hijack minutes later and said it was working with involved parties to restore control.

Also Read: Mastercard Pilots Ripple's RLUSD For Card Settlement With Gemini

Web3 Registrar Risk

Security researchers say the incident exposes a familiar weak point. ENS records and IPFS content stayed intact, but the DNS layer that links them to mainstream browsers still runs through centralized registrars.

Similar registrar-level breaches previously hit DeFi protocols Cream Finance and Aerodrome. Crypto phishing losses topped $4 billion in 2025, and frontend hijacks now rank among the most common attack methods.

No user fund losses have been confirmed. The team has yet to issue an all-clear.

Read Next: Anchorage Digital Proposes Zero-Knowledge Fix For Bitcoin's Quantum Threat