Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Domain summit 2024

If a Domain Marketplace Sells a Stolen Domain, Who's Responsible?

Bill Hartzer

Level 2
Legacy Gold Member
Joined
Jan 22, 2017
Messages
29
Reaction score
21
Feedback: 0 / 0 / 0
If a domain marketplace sells a stolen domain name, should the buyer of that domain be reimbursed by the marketplace?

In this particular case, a stolen domain name was sold by a domain marketplace. The buyer of that stolen domain name wants his money back (rightfully so). Should the domain marketplace reimburse the buyer, as they sold a stolen domain?

The domain buyer won't turn over the domain back to the rightful owner unless they get paid for the domain. The buyer (current registrant who holds the stolen domain) has been provided evidence that the domain is stolen.
 
Domain summit 2024

Biggie

DNForum Moderator
Legacy Exclusive Member
Joined
Sep 4, 2002
Messages
14,866
Reaction score
2,120
Feedback: 166 / 0 / 0
Hi

was the domain stolen at the registrar?
if so, do they, the registrar bear any responsibility?

and if the registrar is not responsible, then how can marketplace be liable?

also, what is the duty of buyer, prior to engaging to purchase the domain?

imo...
 

Bill Hartzer

Level 2
Legacy Gold Member
Joined
Jan 22, 2017
Messages
29
Reaction score
21
Feedback: 0 / 0 / 0
I'll tell you the back story on this. It's a unique one.

Domain owner purchases domain at a domain marketplace (legitimately) at Registrar A. He paid $XXXX for the domain, left it at that registrar and renewed it until 2025.

At some point, domain owner's email was hacked, and the hacker got into the Registrar A account. Registrar A knows about the hack, and admits it happened. However, they say they cannot do anything because their system was not hacked, the email was hacked.

The hacker went into the account and deleted the domain. Then the domain dropped, and a drop catching service picked up the domain, and auctioned it for $XXX.

The current registrant did not buy the domain 'in bad faith' from the expired domain drop catching service. It's clear that the domain name was renewed until 2025, according to whois history (anyone can see it), the Registrar A admits there was a hack, and the original domain owner has filed a police report about the hack (and the deletion of his domain name).

Current registrant is offering to return the domain name to the original domain owner. But wants to get paid for what he paid for the domain.

The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?
 

Biggie

DNForum Moderator
Legacy Exclusive Member
Joined
Sep 4, 2002
Messages
14,866
Reaction score
2,120
Feedback: 166 / 0 / 0
The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?
Hi

a question:
if the domain was regged until 2025, why did the registrar allow the domain to be deleted?
also, was any refund sent to previous owner or the thief?

since the drop service can't verify ownership when the name is caught, then whoever buys/bids, assumes it is legit offering.
the original owner may have to buy back the domain, which may be less expensive than going to court to retrieve it.
as the registrar probably won't assume responsibility for the loss.

however, if the domain is still at same registrar, after being caught by drop service, then they might be able to work something out.

imo....
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
312
Reaction score
149
Feedback: 0 / 0 / 0
From what i know DropCatch service knows the domain will drop by looking at WHOIS, to see in what state it is currently, grace period, pending delete etc, I doubt they added the domain to wait till 2025 so it will drop.
How the drop catch service knew the domain will drop?
I feel the one who drop catch the domain is in relation with those who deleted it, to hide any traces of stealing the domain in question.
 

Bill Hartzer

Level 2
Legacy Gold Member
Joined
Jan 22, 2017
Messages
29
Reaction score
21
Feedback: 0 / 0 / 0
So, this cases is now closed, and the domain name is returned to the owner. Here's what happened:

The current registrant, after seeing the police report of the hacking of account and theft of the domain, the current registrant offered to sell the domain name (for what they paid dropcatch for the domain). The rightful owner of the domain then purchased the domain to get it back. It's back in the hands of the rightful owner.
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
312
Reaction score
149
Feedback: 0 / 0 / 0
So, this cases is now closed, and the domain name is returned to the owner. Here's what happened:

The current registrant, after seeing the police report of the hacking of account and theft of the domain, the current registrant offered to sell the domain name (for what they paid dropcatch for the domain). The rightful owner of the domain then purchased the domain to get it back. It's back in the hands of the rightful owner.
Great news, glad the owner got the domain back.
 

Proved SEO

Level 1
Joined
Sep 16, 2022
Messages
7
Reaction score
2
Feedback: 0 / 0 / 0
It's a difficult situation. This is why during an actual escrow process in real estate, there is a title search. With domains it is harder to see who actually owns it, especially with recent WHOIS changes.

I would generally say the marketplace should refund the money. Some fraud is a cost of doing business.

It really depends though on how much due diligence was done between all parties.
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,233
Reaction score
475
Feedback: 0 / 0 / 0
Crazy... I think the registrar has some responsibility here.

I'll tell you the back story on this. It's a unique one.

Domain owner purchases domain at a domain marketplace (legitimately) at Registrar A. He paid $XXXX for the domain, left it at that registrar and renewed it until 2025.

At some point, domain owner's email was hacked, and the hacker got into the Registrar A account. Registrar A knows about the hack, and admits it happened. However, they say they cannot do anything because their system was not hacked, the email was hacked.

The hacker went into the account and deleted the domain. Then the domain dropped, and a drop catching service picked up the domain, and auctioned it for $XXX.

The current registrant did not buy the domain 'in bad faith' from the expired domain drop catching service. It's clear that the domain name was renewed until 2025, according to whois history (anyone can see it), the Registrar A admits there was a hack, and the original domain owner has filed a police report about the hack (and the deletion of his domain name).

Current registrant is offering to return the domain name to the original domain owner. But wants to get paid for what he paid for the domain.

The question is whether or not the original domain owner should pay the current registrant for the domain, or should the drop catching service pay? Or should Registrar A be liable? Or no one? Does the current registrant lose his money because he bought the domain that shouldn't have dropped, and the account was hacked?
 

ibuyandselldomains

Account Terminated
Legacy Gold Member
Joined
Feb 12, 2015
Messages
275
Reaction score
15
Feedback: 1 / 0 / 0
They should give it back to him for free, and icann should back date the who is to the date that it was when the person who got it hacked had it in his account.
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel
MariaBuy

New Threads

Our Mods' Businesses

UrlPick.com
Free QR Code Generator by MerchArts

*the exceptional businesses of our esteemed moderators

Top Bottom