Hacker Returns Ethereum Domains Obtained in Auction Bug

The hacker who stole 17 Ethereum domain names during the Ethereum Name Service’s (ENS) auction decided to return them all.

The promise of hefty compensation

On Oct. 4, digital-collectibles marketplace OpenSea said that all of the stolen ENS names were returned successfully and that bidding on domain names will restart again in the coming weeks. 

In the beginning of September, the ENS bidding process was exploited by a hacker who managed to steal 17 domain names for lower bids than other users placed. OpenSea, who ran the auction, explained that a bug distributed ENS domains to participants who did not hold the highest bid.

The stolen domain names, which included apple.eth, defi.eth, wallet.eth, and pay.eth were all blacklisted and the hacker was promised an attractive offer for returning the domain names. OpenSea said:

“We appreciate the work you’ve done exposing vulnerabilities in the auction system. [...] To compensate for the work you’ve done to expose these vulnerabilities, we’re prepared to offer you 25% of the winning bid price of each name you return. We’ll also refund your purchase price.”

One domain, coffeshop.eth, has already received a bid of 100 wrapped Ether (WETH), worth around $14,000 at press time. 

Australian hacker stole $450,000 in XRP last year

Cointelegraph previously reported that Australian citizen Katherine Nguyen pleaded guilty to stealing $450,000 in XRP in January 2018. She hacked into the email account of a man with the exact same last name and proceeded to steal all of his XRP, before unlocking his account two days later. Cybercrime squad Commander Arthur Katsogiannis said at the time:

"It's a very significant crime and it's the first we know of its type in Australia where an individual has been arrested and charged for the technology-enabled theft of cryptocurrency."