Vitalik Buterin Warns Users After eth.limo ENS Gateway Hit by DNS Hijack

Ethereum co-founder Vitalik Buterin issued a public warning on April 18, 2026, urging users to avoid all eth.limo URLs after attackers compromised the popular ENS gateway through a DNS hijacking attack on its domain registrar.

eth.limo is one of the primary gateways that allows users to access Ethereum Name Service (ENS) domains through a standard web browser. ENS maps human-readable names like "vitalik.eth" to Ethereum addresses and decentralized content, but accessing that content through a conventional browser requires an intermediary layer. eth.limo serves as that bridge, translating Web3 addresses into URLs that traditional DNS infrastructure can resolve. That same reliance on DNS is what made it a target.

The attack did not compromise the ENS protocol itself or any smart contracts. Instead, the attacker gained control at the registrar level, the company responsible for managing the eth.limo domain registration. By hijacking the DNS records, the attacker could redirect users visiting eth.limo URLs to malicious destinations without any visible warning. Phishing pages, wallet drainers, and fake dApp frontends are the typical payloads in this class of attack, making it particularly dangerous for users who had no reason to suspect the familiar address had been weaponized.

DNS hijacking against crypto infrastructure is not new. The attack vector has hit exchanges, wallet services, and DeFi frontends repeatedly over the past several years. ENS gateways are a high-value target because of the trust users place in them: someone visiting a .eth domain through eth.limo expects to reach a verified, decentralized resource. That expectation becomes a liability the moment the gateway's DNS is under hostile control. The incident is a textbook example of the security tradeoff built into every Web2-to-Web3 bridge. Decentralized protocols gain usability by routing through centralized infrastructure, and that centralized layer inherits all the vulnerabilities of the traditional internet.

Users who need to access ENS-hosted content during the disruption can turn to alternative gateways. Several other resolvers exist, and users running a full node or a browser extension like MetaMask with ENS support can bypass HTTP gateways entirely, resolving .eth domains without touching centralized DNS at all. These options require more technical setup but eliminate the registrar attack surface.

The broader implication points to a structural problem the Ethereum developer community has debated for years. Convenience-layer infrastructure, the kind that makes Web3 accessible to non-technical users, almost always reintroduces the centralized chokepoints that decentralized systems are designed to remove. This incident will likely accelerate discussions around decentralized DNS alternatives such as IPFS-native resolution, ENS browser integration at the protocol level, and hardened registrar security practices for critical Web3 infrastructure. Until those solutions reach mainstream adoption, gateways like eth.limo remain a single point of failure sitting in front of an otherwise trustless system.