A hacker stole 17 domain names during the Ethereum Name Service Auction, and now they’re giving them back – here’s why

If you remember back in September I wrote an article about a domain auction being run by the Ethereum Name Service, well – the auction was hacked, and the hacker stole 17 domains including Apple.eth. Here’s the scoop:

As CoinDesk reported at the time, the ENS bidding process managed by digital-collectibles marketplace OpenSea was exploited, allowing a hacker to nab 17 domain names for lower bids than other users placed. ENS and OpenSea asked the hacker to return the domain names, promising compensation for finding the bug.

(Source – CoinDesk)

Well, in an interesting turn of events, the hacker agreed to return the domains in exchange for a reward.

Now it’s not uncommon to hear about companies offering “bug bounties” which are essentially systems for rewarding hackers for finding bugs. This isn’t the way they usually go but in this case it does seem to be a win-win since the Ethereum Name Service gets their domains back and the hacker gets a bug bounty when there wasn’t really an official bug bounty program running.

So what does the hacker get in exchange for stealing these domains and then giving them back? She/he will receive 25% of the final auction price of every domain name sold in the auction.

Timing is critical for this as DevCon5 is taking place this week in Osaka. My flight from LAX to Osaka on Sunday was actually full of DevCon5 attendees and this year the conference is expected to be their biggest show yet.

If you don’t know what DevCon5 is, think of it as the go-to conference for Ethereum developers, hence why the Ethereum Name Service really wants to get the auction back in action and these domains out to the community.

My only question is, if Apple.eth goes back into the auction and sells, will Apple Inc. go after it with a UDRP? It seems odd that they’re auctioning off domains that violate major trademarks like that but I guess we’ll just have to wait and see on that one!

{ 4 comments… add one }

  • Snoopy October 8, 2019, 2:56 pm

    Couple of points,

    -These are not real “domains”, it is fake garbage that doesn’t resolve, very similar to new.net from years ago where they try to sell it on the basis of people using browser plugins.

    -It is highly unlikely that anyone genuine tried to steal these gems. This sounds like manufactured spin from the registry to try and get some press.

    Reply
    • Dont Forget October 8, 2019, 2:59 pm

      Dont Forget the .ZIL crap extensions

      Reply
    • Dont Forget October 8, 2019, 2:59 pm

      Dont Forget the .ZIL crap extension

      Reply
  • Mike October 8, 2019, 5:43 pm

    I don’t think UDRP applies to ENS

    Also, the owner can remain anonymous

    I look forward to when DNS is run on the blockchain

    Reply

Leave a Comment