Hacker Returns Ethereum Domains Obtained in Auction Bug

Published at: Oct. 5, 2019

The hacker who stole 17 Ethereum domain names during the Ethereum Name Service’s (ENS) auction decided to return them all.

The promise of hefty compensation

On Oct. 4, digital-collectibles marketplace OpenSea said that all of the stolen ENS names were returned successfully and that bidding on domain names will restart again in the coming weeks. 

In the beginning of September, the ENS bidding process was exploited by a hacker who managed to steal 17 domain names for lower bids than other users placed. OpenSea, who ran the auction, explained that a bug distributed ENS domains to participants who did not hold the highest bid.

The stolen domain names, which included apple.eth, defi.eth, wallet.eth, and pay.eth were all blacklisted and the hacker was promised an attractive offer for returning the domain names. OpenSea said:

“We appreciate the work you’ve done exposing vulnerabilities in the auction system. [...] To compensate for the work you’ve done to expose these vulnerabilities, we’re prepared to offer you 25% of the winning bid price of each name you return. We’ll also refund your purchase price.”

One domain, coffeshop.eth, has already received a bid of 100 wrapped Ether (WETH), worth around $14,000 at press time. 

Australian hacker stole $450,000 in XRP last year

Cointelegraph previously reported that Australian citizen Katherine Nguyen pleaded guilty to stealing $450,000 in XRP in January 2018. She hacked into the email account of a man with the exact same last name and proceeded to steal all of his XRP, before unlocking his account two days later. Cybercrime squad Commander Arthur Katsogiannis said at the time:

"It's a very significant crime and it's the first we know of its type in Australia where an individual has been arrested and charged for the technology-enabled theft of cryptocurrency."

Tags
Related Posts
The impact of Bitcoin hacking incidents on the crypto market
In the 2013–2017 period, 29 hacks occurred in the Bitcoin market where a total of 1.1 million Bitcoin were stolen. Noting that the average price for Bitcoin (BTC) in December 2020 exceeded $20,000, the corresponding monetary equivalent of losses is more than $22 billion, which strongly highlights the societal impact of this criminal activity. What did crypto exchanges do to address this problem? Nowadays, about 90% of exchanges use some kind of cold storage system, which means that digital assets are stored offline. Keeping Bitcoin offline considerably reduces the threat from hacking attacks. Related: Roundup of crypto hacks, exploits and …
Blockchain / Jan. 24, 2021
Ethereum Network Overcame Intentional Attack Affecting Parity Nodes
The Ethereum (ETH) network was apparently the target of a coordinated attack, according to several analysts. Following reports that some Parity Ethereum nodes lost sync with the network, on Dec. 31, core blockchain infrastructure company Parity Technology said it believed there was an attack underway and subsequently released network upgrades to protect against it. According to cryptocurrency security consultant Sergio Demian Lerner, the attack was implemented in a simple way, wherein “you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block). The node will mark the block header as invalid and ban …
Blockchain / Dec. 31, 2019
‘Blockchain Bandit’ Has Stolen 45,000 ETH by Guessing Weak Private Keys, Report Claims
A “blockchain bandit” has managed to amass almost 45,000 ether (ETH) by successfully guessing weak private keys, according to a report released by Independent Security Evaluators on April 23. Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research — giving him the ability to complete transactions as if he was the account holder. The report notes that rather than using a brute force search for random private keys, it used a combination of …
Blockchain / April 23, 2019
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022