It’s been over +2 hours since https://x.com/eth_limo/status/2045413512986411467 posted this on twitter, so I was waiting for them to post here, but I guess they’re busy fixing.. I was checking for eth.limo‘s DNS providers after recent cow swap dns hijack incident.. This also took down @ethlimo.eth’s DNS over HTTPS (DOH) service used for ENS records in IPFS clients.
Another possible attack surface/point of failure is in ipfs node/api level as most ipfs services don’t have/use verifiable ipfs fetch. Current public verifiable fetch providers are not ready for max load and not pinning ENS records first in IPFS cluster service like in eth.limo’s max optimized ipfs nodes for ENS.
Still waiting for this incident to be resolved,
& for full report from eth.limo team and future mitigation strategy. 