EasyDNS has confirmed that a failure in its security systems allowed a malicious attacker to briefly take over eth.limo, a primary gateway for the Ethereum Name Service.
You can read more about it here:
- The attacker impersonated a member of the eth.limo team to gain access to domain settings and bypass easyDNS’ account recovery protocol.
- DNSSEC protections stopped users from being redirected to malicious websites: fake responses without valid cryptographic signatures were rejected.
- EasyDNS will migrate eth.limo to Domainsure to remove account recovery vulnerabilities and prevent social engineering.
On Friday, an attacker impersonated a member of the eth.limo account recovery team and was able to change name server records to redirect domains to Cloudflare.
In a post-mortem published on Saturday, the eth.limo team stated that as soon as the DNS hijacking was discovered, they immediately informed the community, including prominent figures such as Ethereum co-founder Vitalik Buterin.
As a gateway for approximately 2 million decentralized sites, eth.limo is a high-value target: a successful compromise could let attackers redirect users to malicious websites. Buterin issued an alert on Friday advising readers to stay away from his blog until his team can restore its secure operations.
Security extensions limited the wider impact
Mark Jeftovic, the CEO of EasyDNS, noted that the presence of Domain Name System Security Extensions (DNSSEC) played an important role in stopping further damage by the attacker.
Because the attackers lacked the cryptographic signing keys, DNSSEC-aware resolvers rejected the fake responses. As a result, users were directed to error messages instead of phishing pages.
“We screwed up and we own it,” Jeftovic said on Saturday, adding that it was the first social engineering attack in the service provider's 28 years.
The eth.limo developers highlighted the same safeguards in their own report, saying they likely reduced the “blast radius” of the hijacking. The team has not yet confirmed any user impact or loss of funds.
Jeftovic also said that eth.limo will now be migrated to Domainsure, an enterprise platform that does not provide a mechanism for manual account recovery, which effectively closes the loophole exploited during this attack.
This is just one of several recent attacks on the infrastructure of the crypto industry. Just a few days before, on April 14, the CoW Swap decentralized exchange aggregator lost control of its domain after a similar attack on the .fi domain registry; users were affected for several hours and suffered an estimated $1.2 million loss.
Source: crypto.news

