Crypto Website Hacking: Social Engineering Attack on Ethereum Name Service Gateway

A recent social engineering attack on eth.limo's domain registrar has exposed weaknesses in the security measures protecting cryptocurrency websites.

The attacker, who impersonated an eth.limo team member, was able to gain access to the EasyDNS account and redirect the nameservers of the Ethereum Name Service gateway. However, the DNSSEC (Domain Name System Security Extensions) protocol prevented the attack from causing any significant damage by rejecting unsigned DNS responses.

The incident has led to the decision to migrate eth.limo to a stricter platform, Domainsure, which lacks an account recovery mechanism that was exploited by the attacker.