If a Domain Marketplace Sells a Stolen Domain, Who's Responsible?

[Bill Hartzer]

If a domain marketplace sells a stolen domain name, should the buyer of that domain be reimbursed by the marketplace?

In this particular case, a stolen domain name was sold by a domain marketplace. The buyer of that stolen domain name wants his money back (rightfully so). Should the domain marketplace reimburse the buyer, as they sold a stolen domain?

The domain buyer won't turn over the domain back to the rightful owner unless they get paid for the domain. The buyer (current registrant who holds the stolen domain) has been provided evidence that the domain is stolen.

 

[Biggie]

Hi

was the domain stolen at the registrar?
if so, do they, the registrar bear any responsibility?

and if the registrar is not responsible, then how can marketplace be liable?

also, what is the duty of buyer, prior to engaging to purchase the domain?

imo...

 

[Bill Hartzer]

I'll tell you the back story on this. It's a unique one.

Domain owner purchases domain at a domain marketplace (legitimately) at Registrar A. He paid $XXXX for the domain, left it at that registrar and renewed it until 2025.

At some point, domain owner's email was hacked, and the hacker got into the Registrar A account. Registrar A knows about the hack, and admits it happened. However, they say they cannot do anything because their system was not hacked, the email was hacked.

The hacker went into the account and deleted the domain. Then the domain dropped, and a drop catching service picked up the domain, and auctioned it for $XXX.

The current registrant did not buy the domain 'in bad faith' from the expired domain drop catching service. It's clear that the domain name was renewed until 2025, according to whois history (anyone can see it), the Registrar A admits there was a hack, and the original domain owner has filed a police report about the hack (and the deletion of his domain name).

Current registrant is offering to return the domain name to the original domain owner. But wants to get paid for what he paid for the domain.

The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?

 

[Biggie]

The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?

Hi

a question:
if the domain was regged until 2025, why did the registrar allow the domain to be deleted?
also, was any refund sent to previous owner or the thief?

since the drop service can't verify ownership when the name is caught, then whoever buys/bids, assumes it is legit offering.
the original owner may have to buy back the domain, which may be less expensive than going to court to retrieve it.
as the registrar probably won't assume responsibility for the loss.

however, if the domain is still at same registrar, after being caught by drop service, then they might be able to work something out.

imo....

 

[Domainnature]

From what i know DropCatch service knows the domain will drop by looking at WHOIS, to see in what state it is currently, grace period, pending delete etc, I doubt they added the domain to wait till 2025 so it will drop.
How the drop catch service knew the domain will drop?
I feel the one who drop catch the domain is in relation with those who deleted it, to hide any traces of stealing the domain in question.

 

[Bill Hartzer]

So, this cases is now closed, and the domain name is returned to the owner. Here's what happened:

The current registrant, after seeing the police report of the hacking of account and theft of the domain, the current registrant offered to sell the domain name (for what they paid dropcatch for the domain). The rightful owner of the domain then purchased the domain to get it back. It's back in the hands of the rightful owner.

 

[Domainnature]

So, this cases is now closed, and the domain name is returned to the owner. Here's what happened:

The current registrant, after seeing the police report of the hacking of account and theft of the domain, the current registrant offered to sell the domain name (for what they paid dropcatch for the domain). The rightful owner of the domain then purchased the domain to get it back. It's back in the hands of the rightful owner.

Great news, glad the owner got the domain back.

 

[Proved SEO]

It's a difficult situation. This is why during an actual escrow process in real estate, there is a title search. With domains it is harder to see who actually owns it, especially with recent WHOIS changes.

I would generally say the marketplace should refund the money. Some fraud is a cost of doing business.

It really depends though on how much due diligence was done between all parties.

 

[accurate]

Crazy... I think the registrar has some responsibility here.

I'll tell you the back story on this. It's a unique one.

Domain owner purchases domain at a domain marketplace (legitimately) at Registrar A. He paid $XXXX for the domain, left it at that registrar and renewed it until 2025.

At some point, domain owner's email was hacked, and the hacker got into the Registrar A account. Registrar A knows about the hack, and admits it happened. However, they say they cannot do anything because their system was not hacked, the email was hacked.

The hacker went into the account and deleted the domain. Then the domain dropped, and a drop catching service picked up the domain, and auctioned it for $XXX.

The current registrant did not buy the domain 'in bad faith' from the expired domain drop catching service. It's clear that the domain name was renewed until 2025, according to whois history (anyone can see it), the Registrar A admits there was a hack, and the original domain owner has filed a police report about the hack (and the deletion of his domain name).

Current registrant is offering to return the domain name to the original domain owner. But wants to get paid for what he paid for the domain.

The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?

 

[ibuyandselldomains]

They should give it back to him for free, and icann should back date the who is to the date that it was when the person who got it hacked had it in his account.