The promise of hefty compensation
In the beginning of September, the ENS bidding process was exploited by a hacker who managed to steal 17 domain names for lower bids than other users placed. OpenSea, who ran the auction, explained that a bug distributed ENS domains to participants who did not hold the highest bid.
The stolen domain names, which included apple.eth, defi.eth, wallet.eth, and pay.eth were all blacklisted and the hacker was promised an attractive offer for returning the domain names. OpenSea said:
“We appreciate the work you’ve done exposing vulnerabilities in the auction system. […] To compensate for the work you’ve done to expose these vulnerabilities, we’re prepared to offer you 25% of the winning bid price of each name you return. We’ll also refund your purchase price.”
One domain, coffeshop.eth, has already received a bid of 100 wrapped Ether (WETH), worth around $14,000 at press time.
Australian hacker stole $450,000 in XRP last year
Australian citizen Katherine Nguyen pleaded guilty to stealing $450,000 in XRP in January 2018. She hacked into the email account of a man with the exact same last name and proceeded to steal all of his XRP, before unlocking his account two days later. Cybercrime squad Commander Arthur Katsogiannis said at the time: