The team behind eth.limo, a key gateway for Ethereum Name Service domains, has confirmed that its recent domain hijack was the result of a targeted social engineering attack against its DNS provider, EasyDNS.

The incident briefly raised concerns across the crypto community, as eth.limo plays a critical role in connecting decentralized websites to traditional web browsers.

Attack Exploited Account Recovery Process

According to the project’s post-mortem, the attacker impersonated a member of the eth.limo team to initiate an account recovery request with EasyDNS.

This allowed the attacker to gain control of the domain account and modify its DNS settings.

Once access was secured, the attacker changed the nameserver records and redirected traffic through Cloudflare, potentially opening the door to phishing or malicious redirects.

Critical Infrastructure at Risk

eth.limo acts as a bridge between Web3 and Web2, enabling access to around 2 million .eth websites through standard browsers.

A successful hijack could have redirected users to harmful sites without their knowledge.

Ethereum co-founder Vitalik Buterin even warned users to avoid his blog during the incident until the issue was resolved.

DNSSEC Helped Limit Damage

Despite the breach, major damage was avoided thanks to Domain Name System Security Extensions (DNSSEC).

Because the attacker did not have the correct cryptographic signing keys, most DNS resolvers rejected the forged records.

As a result, users encountered errors instead of being redirected to malicious content, significantly reducing the potential impact.

Both eth.limo and EasyDNS credited DNSSEC with preventing a much more serious outcome.

EasyDNS Accepts Responsibility

EasyDNS CEO Mark Jeftovic acknowledged the failure, calling it the first successful social engineering attack against a client in the company’s 28-year history.

He described the incident as highly sophisticated and confirmed that an internal investigation is ongoing.

Security Upgrades Underway

In response, EasyDNS is implementing stronger safeguards.

The company plans to migrate eth.limo to its more secure Domainsure platform, which removes account recovery mechanisms altogether, a key vulnerability exploited in this attack.

Additional security improvements are also being rolled out to prevent similar incidents in the future.

Part of a Broader Trend

The eth.limo breach is the latest in a string of domain hijacking incidents targeting crypto-related platforms.

Recent cases involving projects like CoW Swap and Steakhouse Financial highlight a growing trend of attackers exploiting human vulnerabilities rather than technical flaws.

Ongoing Vigilance Needed

While no user impact has been confirmed so far, the incident underscores the importance of robust security practices across both Web2 and Web3 infrastructure.

As crypto adoption grows, protecting critical access points like domain services will remain essential to maintaining trust and preventing large-scale exploits.

Bitcoin gave up its recent gains over the weekend, dropping below $74,000 on Sunday as geopolitical tensions between the United States and Iran intensified.

The pullback came after a series of events that put pressure on an already fragile ceasefire between the two nations.

Bitcoin Reverses After Strong Rally

Bitcoin had surged above $78,300 on Friday, marking its highest level since early February.

However, momentum quickly faded over the weekend as news of rising tensions triggered a shift in market sentiment. The price slipped into the $75,000 to $76,000 range before falling sharply late Sunday.

At one point, Bitcoin briefly dipped below $74,000 following reports of direct military action involving an Iranian vessel.

Ceasefire Under Strain

The latest volatility followed an incident where the US military reportedly fired on and seized an Iranian cargo ship accused of breaching a blockade.

Iran responded by accusing the US of violating the ceasefire agreement and warning of retaliation.

Tehran has also rejected planned peace talks, further increasing uncertainty as the two-week ceasefire approaches its expiration.

Oil Prices Surge as Risk Increases

While crypto markets pulled back, oil prices moved higher amid fears of supply disruption.

Crude oil futures rose more than 4.5%, climbing above $95 per barrel after Iran threatened to close key shipping routes in the Strait of Hormuz.

The region remains a critical artery for global energy supply, and any disruption typically drives oil prices upward.

Traditional Markets React

The tension also impacted traditional financial markets.

US stock futures declined Sunday night, with the S&P 500, Nasdaq-100, and Dow Jones all showing losses as investors shifted toward a more cautious stance.

The broader reaction reflects how closely global markets are tied to geopolitical developments.

Market Sentiment Still Cautious

Despite the recent volatility, overall crypto sentiment showed slight improvement.

The Crypto Fear and Greed Index rose to 29, its highest level since late January, though it still signals a prevailing sense of fear among investors.

Uncertainty Ahead of Ceasefire Deadline

With the ceasefire set to expire midweek, markets remain highly sensitive to further developments.

Any escalation or breakdown in negotiations could trigger additional volatility across crypto, commodities, and equities.

For now, Bitcoin’s price action reflects a market caught between improving momentum and lingering geopolitical risk.

Aave, one of the largest decentralized lending protocols, saw nearly $8 billion wiped from its total value locked (TVL) over the weekend following a major exploit tied to Kelp DAO.

The incident triggered widespread withdrawals and exposed vulnerabilities in the interconnected DeFi ecosystem.

Massive Outflows Shake Aave

Data shows Aave’s TVL dropped from around $26.4 billion to $18.6 billion within a day, causing it to lose its position as the top DeFi protocol.

The sharp decline came as users rushed to withdraw funds after hackers leveraged the platform to borrow against stolen assets.

Exploit Leads to “Bad Debt”

The attack began when hackers stole approximately $293 million worth of rsETH tokens from Kelp DAO’s LayerZero-based bridge.

They then used the stolen assets as collateral on Aave to borrow wrapped Ether, creating an estimated $195 million in bad debt on the protocol.

This chain reaction highlighted how a single exploit can ripple across multiple platforms in DeFi.

Liquidity Crunch Hits Stablecoin Pools

Aave’s stablecoin lending pools for USDT and USDC reached 100% utilization following the incident.

This means over $5 billion in stablecoins is effectively locked, with users unable to withdraw funds until liquidity improves or loans are repaid.

The situation underscores the risks tied to liquidity mismatches during periods of market stress.

AAVE Token Drops Sharply

The impact was also reflected in Aave’s native token.

AAVE fell nearly 20% in just over 24 hours, dropping from around $112 to below $90 as investor confidence weakened.

Large Players Exit Positions

Major withdrawals came from institutional players and crypto whales.

MEXC reportedly withdrew around $431 million, while Abraxas Capital pulled approximately $392 million from the protocol, accelerating the liquidity drain.

Emergency Measures and Market Freezes

In response, Aave froze several markets tied to rsETH and wrapped Ether across multiple networks to prevent further risk.

The protocol also confirmed that rsETH on Ethereum remains fully backed, attempting to reassure users amid the turmoil.

Meanwhile, other platforms connected to rsETH or the affected bridge, including Curve Finance, Ethena, and BitGo’s Wrapped Bitcoin, paused related operations as a precaution.

Stress Test for Aave’s Security Model

The event marks a major test for Aave’s “Umbrella” risk management system, introduced in 2025 to protect against bad debt through automated mechanisms.

While Aave maintains that its overcollateralization and liquidation systems help shield lenders, the incident shows how external exploits can still create systemic pressure.

DeFi Interconnectedness Under Scrutiny

The Aave crisis highlights the growing complexity of DeFi, where protocols are deeply interconnected.

A vulnerability in one platform can quickly cascade across others, amplifying risk and triggering liquidity shocks.

As the ecosystem continues to evolve, improving security and risk isolation will remain critical for maintaining user confidence.