Vitalik Warns: Stay Away From eth.limo After DNS Registrar Gets Hit

Vitalik Buterin urges users to avoid eth.limo after a DNS registrar attack. Access his blog via IPFS until the team confirms recovery.

Ethereum co-founder Vitalik Buterin went public with a security warning on April 18. The target was eth.limo, a widely used ENS gateway. He urged users to stay off the platform entirely until further notice.

The warning came straight from Buterin himself on X. He confirmed that the eth.limo team reached out to him directly about the breach.

According to Vitalik Buterin on X, the eth_limo team warned him that attackers had compromised their DNS registrar. He told followers not to visit vitalik.eth.limo or any other eth.limo pages. Not until the team gives the all-clear.

What Got Hit and Why It Matters

eth.limo is not a small service. It handles over 17,000 unique ENS domains. The gateway processes between one and 1.5 million requests daily on average. That scale makes a DNS-level attack particularly serious.

A DNS registrar attack lets bad actors redirect traffic. Visitors think they are on a legitimate site. They are not. Wallets get drained. Credentials get stolen. It’s a known attack type with real damage history.

Buterin offered a workaround. His blog is still reachable through IPFS directly at this address: https://bafybeiaql2jo3fu5b7c4lmpoi5drh5sam7yt652shwdgwbky4o7uw33u2u.ipfs.dweb.link. That route bypasses the compromised registrar entirely.

The IPFS Workaround Vitalik Pointed To

This is not Buterin’s first public call for users to take privacy and security seriously. He has consistently pushed back on centralized infrastructure risks. The eth.limo attack is exactly the kind of off-chain vulnerability he has flagged before.

The eth.limo team had not yet confirmed full recovery at the time of the post. No timeline was given. Buterin’s message was simple: wait it out, use IPFS in the meantime.

For users who rely on ENS-based gateways to access Ethereum-native content, the attack is a sharp reminder. DNS infrastructure sits outside the blockchain. It does not carry the same security guarantees. And it can be compromised.

No Funds Stolen Yet, but Risk Stays High

There was no immediate report of user funds being drained through this specific attack. But that does not reduce the threat level. DNS hijacks often work silently. Users may not know they were redirected at all.

The eth.limo team was working to recover the registrar at time of writing. Buterin’s post on X asked users to check back only after an official confirmation from the team.

Until then, eth.limo pages remain off-limits.