Share this article
Hacker Returns Ethereum Domains Lost in Bug Exploit
The ENS hacker returned all 17 domain names after being compensated by OpenSea.
Updated Sep 13, 2021, 11:32 a.m. Published Oct 4, 2019, 9:25 p.m.
The domain names stolen from the Ethereum Name Service's (ENS) auction have been returned.
As CoinDesk reported at the time, the ENS bidding process managed by digital-collectibles marketplace OpenSea was exploited, allowing a hacker to nab 17 domain names for lower bids than other users placed. ENS and OpenSea asked the hacker to return the domain names, promising compensation for finding the bug.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
An alternative to Web 2.0’s centralized domain name servers (DNS) system, ENS is built on top of the ethereum blockchain to leverage its immutability and decentralized properties. As it happens, immutability isn't always a good thing.
Once the hacker claimed the ENS domain names – which included apple.eth – ENS and OpenSea’s only recourse was to blacklist the domains and ask for the hacker to return them.
Fortunately, they were.
Update: the stolen ENS names were all returned successfully to @ensdomains! 🤗Thanks for supporting the community; we’re working hard to restart bidding this week before #devcon5 and will send out emails to bidders when it’s ready
— OpenSea (@opensea) October 3, 2019
The hacker was apparently swayed by an attractive offer: 25 percent of the final bidding price for each of the returned domains once they are re-auctioned. Some domain names are listed for impressively high bids such as the owner of coffeshop.eth asking for 100 wrapped ether, worth about $17,000 at press time. With 17 domains stolen, the hacker could be in store for a decent payday depending on the auction prices.
OpenSea says auctions will commence again in the coming weeks.
Speaking with CoinDesk, ENS lead developer Nick Johnson said OpenSea had no direct communications with the hacker before the domains were returned. The company solicited feedback in a Sept. 29 blog post disclosing the bug.
"Evidently the hacker thought 25 percent was a better deal than trying to resell them themselves in the face of blacklisting. Or perhaps they're just generous – either way we're grateful."
Gift image via Shutterstock
Mehr für Sie
Was Sie wissen sollten:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Mehr für Sie
Bitcoin’s Deep Correction Sets Stage for December Rebound, Says K33 Research
K33 Research says market fear is outweighing fundamentals as bitcoin nears key levels. December could offer an entry point for bold investors.
Was Sie wissen sollten:
- K33 Research says bitcoin’s steep correction shows signs of bottoming, with December potentially marking a turning point.
- The firm has argued that the market is overreacting to long-term risks while ignoring near-term signals of strength, like low leverage and solid support levels.
- With likely policy shifts ahead and cautious positioning in futures, K33 sees more upside potential than risk of another major collapse.
Top Stories
