Hacker Returns 17 Ethereum Domains Lost in Auction Bug

The domain names taken from the Ethereum Name Service’s (ENS) auction have been returned. 

As reported at the time, the ENS bidding process overseen by digital collectibles marketplace OpenSea was exploited, enabling a hacker to steal 17 domain names for lower bids than other clients set. ENS and OpenSea requested that the hacker return the domain names, promising remuneration for finding the bug.

A substitute to Web 2.0’s centralized domain name servers (DNS) framework, ENS is developed over the ethereum blockchain to use its decentralized properties and immutability. As it occurs, immutability isn’t constantly something to be thankful for.

When the hacker guaranteed the ENS domain names—which included apple.eth—ENS and OpenSea’s only plan of action was to blacklist the domains and request the hacker to return them.

Luckily, they were.

The hacker was influenced by an appealing offer: 25 percent of the final bidding cost for each one of the returned domains once they are re-auctioned. Some domain names are recorded for amazingly high offers like the owner of coffeshop.eth requesting 100 wrapped ether, worth around $17,000 at the time of writing. With 17 domains taken, the hacker could be in store for a decent payday based upon the auction prices.

OpenSea states auctions will begin again in the coming weeks.

Nick Johnson, the lead developer of ENS, stated OpenSea had no direct conversations with the hacker before the domains were returned. The firm requested input in a September 29 blog entry uncovering the bug.

“Evidently the hacker thought 25 percent was a better deal than trying to resell them themselves in the face of blacklisting. Or perhaps they’re just generous – either way we’re grateful.”