Stolen domain names: The ethics of brokering stolen assets

Domain names have been stolen since the early days of the commercial Internet. The best-known case involves the hijacking of, a domain that was “milked” for its traffic, before it was returned via a court order to its registrant.

There are thousands of domain names that have been stolen in the 25 years since, for a variety of reasons:

  • Financial reasons – the most obvious
  • Political reasons – to inflict harm in the political arena
  • Criminal and extortion reasons – to use someone else’s domain as a criminal launchpad
  • Revenge reasons – as a means of personal revenge against the domain registrant

Since the early 2000s I’ve assisted with the identification and recovery of dozens of stolen domain names, in a process that became increasingly challenging. Some had been sold more than once, before they were identified as stolen property. The task was made easier by DomainTools and its tracking of WHOIS changes. On several occasions, I delivered my research reports to be used as evidence in the legal process.

Unfortunately, not every domain that is identified as stolen gets recovered. An example is, stolen from its Greek registrant by a Russian serial hijacker of domains. It’s currently for sale in a proxy account under the thief’s control.

Other domains were successfully returned. I don’t publish many of the domains that become stolen or get returned, for a couple of reasons: sometimes the registrants fear revenge by persistent criminals that make a thriving living from the trade of stolen domain names. Other times, the recovered domain is only one of many in the thief’s possession, and the goal is to recover more domains and even bring the thief to justice.

Rest assured that I always advise the victims of domain theft to contact the authorities and escalate the matter to the highest extent. Not everyone, however, has the resources to pursue the perpetrators via the legal process. Whether a domain is of financial or sentimental value, a theft is a theft and no stolen domain should be cleared of this stigma, unless it’s returned to the party at loss.

That’s why I don’t consider stolen domains that someone eventually paid money for, as non-stolen.

These are laundered assets in every sense of the word, and I would advise every domain broker with an ounce of common ethics to refrain from engaging with unscrupulous thieves. The information about domain brokers that sell stolen assets on behalf of shady sellers is shared among the domain community, and no matter how much money is made in commissions, nothing is more valuable than one’s name and reputation.

Brokering stolen domains is like becoming an accomplice in a crime, just like one would be if they had a chop shop or other store selling stolen merchandise. Just because a domain name is not physical property, does not make the crime less serious.

I’ve come across two kinds of unscrupulous domain brokers: Those that only trade stolen assets on behalf of serial domain thieves, and those of the “hybrid” kind that knowingly partake in both stolen and legit domain inventory sales.

There are also domain brokers that happened to negotiate sales involving stolen domains without being aware of the domains’ status.

On the flip side, an ethical domain broker performs due diligence on the domain’s seller and the asset itself. Good brokers research the history of the domain’s ownership and attempt to contact previous owners; if the ownership history looks sketchy, a good broker should refuse to represent the seller in a brokered deal.

Domain names will continue to get hijacked or stolen, despite increased security measures. Trading stolen domain assets is an unethical practice that can put a permanent mark on the seller or domain broker that engaged in this type of unlawful activity.


  1. More power to your elbow. Thank you for sharing information on this criminal activity.

    The article raises some serious questions for me. Firstly, as a domainer at the lower end of the market but with aspirations to move up the ladder, is the issue prevalent across the value chain of domains or does it tend to be restricted to the higher end?

    Secondly, the motives listed indicate such activities may well be spread across the full range of values. So what are the signals which would help me and thousands like me simply buying and selling with no real idea this sort of thing is actually going on, identify suspicious activities?
    Secondly, if the
