The Ethereum Name Service (ENS) gateway, eth.limo, has released a report on a recent security incident. The domain was compromised due to an attack on the registrar easyDNS.
— ETH.LIMO 🦇🔊 (@eth_limo) April 18, 2026
The attacker impersonated a member of the eth.limo team, initiated an account recovery process at easyDNS, and gained access to the settings. They then altered the name server (NS) records and redirected them to Cloudflare.
Eth.limo serves as a bridge between Web2 and Web3, providing access to 2 million decentralized sites in the .eth domain. Due to the domain spoofing, users could have been redirected to phishing pages. Ethereum co-founder Vitalik Buterin advised against visiting his blog until the issue was resolved.
The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit https://t.co/2EcsFBZY0b or other https://t.co/9nFLru9kS0 pages until they confirm that things are back to normal.
You can check my blog via IPFS directly…
— vitalik.eth (@VitalikButerin) April 18, 2026
Mark Jeftovic, CEO of easyDNS, acknowledged the company’s fault. He described the attack as “sophisticated” and noted that nothing similar had occurred in the provider’s 28-year history.
Major consequences were avoided thanks to the expansion of DNSSEC. The hacker did not possess the cryptographic signing keys. Most servers rejected the hacker’s false responses, resulting in users seeing an error message instead of a malicious site.
The eth.limo team stated that no user harm was detected. The project is transitioning to the Domainsure platform, which lacks an account recovery mechanism via support service, preventing a similar attack from recurring.
Vercel Breach
Cloud provider Vercel also reported a security breach: hackers gained access to some customer credentials.
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:https://t.co/0S939n3qHC
— Vercel (@vercel) April 19, 2026
According to CEO Guillermo Rauch, the attack began with a breach of the AI tool Context.ai, used by an employee. Through it, the attackers infiltrated the corporate Google Workspace account and Vercel’s internal systems.
Here’s my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/xksNNigVfE that he was using. The details…
— Guillermo Rauch (@rauchg) April 19, 2026
Previously, a listing appeared on the hacker forum BreachForums offering Vercel data for sale at $2 million. The seller claimed access to source code and keys.
VERCEL just got breached.
They’re selling internal DB + employee accounts + GitHub/NPM tokens for $2M on BreachForums.
looks like someone got early access to Claude Mythos 💀 https://t.co/BVCDvoSHfs pic.twitter.com/6bJ7Sx9O5M
— shirish (@shiri_shh) April 19, 2026
The company’s management urged clients to change their credentials and monitor activity in their environments. Rauch emphasized that the infrastructure of open projects, including Next.js, was not affected.
Earlier, on April 1, the DeFi platform Drift Protocol on Solana was hacked, with the attacker extracting at least $280 million.
On April 17, the liquid restaking protocol Kelp lost $293 million following an incident with a cross-chain bridge.