The cloud provider Vercel also reported a user data breach.
The Ethereum Name Service (ENS) gateway eth.limo has released a report detailing a security incident. The domain hijacking was caused by an attack on the registrar easyDNS.
— ETH.LIMO 🦇🔊 (@eth_limo) April 18, 2026
The attacker impersonated a member of the eth.limo team, initiated the account recovery process at easyDNS, and gained access to the settings. They then altered the name server (NS) records and redirected them to Cloudflare.
Eth.limo serves as a bridge between Web2 and Web3, providing access to 2 million decentralized websites in the .eth domain. Due to the domain takeover, users could have been redirected to phishing sites. Ethereum co-founder Vitalik Buterin urged users not to visit the site until the issue was resolved.
The kind people at @eth_limo have warned me that there has been an attack on their DNS registrar. So please do not visit https://t.co/2EcsFBZY0b or other https://t.co/9nFLru9kS0 pages until they confirm that things are back to normal.
— vitalik.eth (@VitalikButerin) April 18, 2026
You can check my blog via IPFS directly…
easyDNS CEO Mark Jeftovich acknowledged the company's responsibility. He described the attack as "high-tech" and noted that nothing like this had occurred in the 28 years of the provider's operation.
Widespread consequences were avoided thanks to the implementation of DNSSEC. The hacker did not possess the cryptographic signing keys. Most servers rejected the hacker's false responses, so users encountered an error message instead of being directed to a malicious site.
The eth.limo team stated that they did not record any user damage. The project is transitioning to the Domainsure platform, which lacks an account recovery mechanism through customer support—this prevents a repeat of such an attack.
Vercel Breach
The cloud provider Vercel also reported a security breach: hackers gained access to some customer credentials.
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:https://t.co/0S939n3qHC
— Vercel (@vercel) April 19, 2026
According to CEO Guillermo Rauch, the attack began with the compromise of the AI tool Context.ai used by one of the employees. Through this, the attackers accessed the corporate Google Workspace account and Vercel's internal systems.
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
— Guillermo Rauch (@rauchg) April 19, 2026
A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/xksNNigVfE that he was using. The details…
Previously, a listing appeared on the hacker forum BreachForums offering Vercel data for $2 million. The seller claimed to have access to source code and keys.
VERCEL just got breached.
— shirish (@shiri_shh) April 19, 2026
They’re selling internal DB + employee accounts + GitHub/NPM tokens for $2M on BreachForums.
looks like someone got early access to Claude Mythos 💀 https://t.co/BVCDvoSHfs pic.twitter.com/6bJ7Sx9O5M
The company urged customers to change their credentials and monitor activity in their environments. Rauch emphasized that the infrastructure of open projects, including Next.js, was not affected.
It is worth noting that on April 1, the DeFi platform Drift Protocol on Solana suffered a hacking attack, with the attacker stealing at least $280 million.
On April 17, the Kelp restaking protocol lost $293 million after an incident involving a cross-chain bridge.