Blockchain domains and what they could mean for online fraud and brand protection

Blockchain domain names, domains stored on blockchain or cryptocurrency exchanges, are part of a growing, unregulated and decentralized internet. Right now, blockchain domains are mostly used by cryptocurrency users, but they are growing in popularity – the Ethereum naming service reported over 2.2 million .eth domain name registrations in 2022. At the same time, crypto fraud is also exploding, reaching a total of $3.5 billion in losses in 2022.

There have been previous attempts to create alternative domain name resolution systems outside of the regular domain name system (DNS administered by ICANN), although none of these have gained real traction. A major obstacle has been, and still is, the need for a user to use a crypto browser or special plug-in to an existing browser to access the blockchain. So while this is not entirely “new”, the use and adoption of blockchain domains may be spurred by the increased acceptance of cryptocurrencies among users. At the very least, blockchain domains can be used to further fraud of all kinds, and their unique ability to be both a “brand name” and the endpoint of a transaction makes them well worth focusing on as the market expands.

Traditional Internet and DNS

The architecture of the traditional internet requires users to have a unique internet address so that users can find each other. The unique addresses are coordinated with the Domain Name System (DNS) to create domain names – so that the Internet address 74.125.239.82 becomes the www.google.com domain name.

DNS requires an accreditation system where organizations (registrars) hold identifiable Internet domain name owners accountable for how they use the domain and can terminate the domain if they use it for malicious purposes.

Each domain name registered is subject to specific terms of use and arbitration under the Uniform Domain Name Dispute Resolution Policy (“UDRP”), and the system is centralized and built for transparency, although recent privacy initiatives have made it more difficult to trace the registrant to a malicious domain name.

Domain name registrants are usually referred to as “owners”, as the registrant of the domain is able to sell/transfer domain name assets, sometimes for significantly higher prices than they were purchased for, but the ownership is really more potentially a long-term lease because each registrant has to pay fees to maintain ownership of the registrar who “sold” them the domain name. The domain name itself still “lives” under the registrar and hosting company, so ownership is relative to their activities. Businesses that have lost DNS domains due to mistransfers or fraud will be acutely aware of this.

Blockchain domain name

Blockchain domains have some other interesting qualities. First, Blockchain domain name systems turn blockchain resources (complicated numbers/letters in long form) into domain names with extensions such as “.bitcoin”, “.crypto”, “.nft” and “.eth.” Blockchain domains can act as either i.) a name registry for cryptocurrency wallet addresses or ii.) they can point to content hosted on the blockchain, like a website.

Second, blockchain domains themselves exist in the owner’s crypto wallet (you need one to own a domain), so the owner of the domain name can do whatever they want with it (as they would with a regular NFT), without being subject to a registry , registrar, hosting service or ICANN. There are no administrative procedures to handle cases of infringement, such as a UDRP or terms of use. Furthermore, once the domain is purchased, there are no fees to pay – it’s a one-and-done purchase – and the domain/asset is owned by the buyer (not rented or leased). Budweiser brewery, for example, recently purchased beer.eth for approximately $90,000 or 30 ether (for those familiar with cryptocurrencies).

So what’s the problem?

Putting on our online security and defense hats, blockchain domains pose a number of problems for companies with valuable brand names.

First of all, there are no fixed rules for what is allowed when someone buys a blockchain domain. For example, Unstoppable Domains is responsible for writing domain names for a number of the more popular blockchain TLDs. In an interview with Fast company, their CEO stated that the company would not allow just anyone to register branded domains and that the company had measures in place to screen applicants. But there is no guarantee here, no system in place to deal with breaches, and no accountability or central authority to assist.

There are also a number of registrars that sell blockchain domains alongside regular domains. This has led to some consumer confusion and a warning from ICANN, which emphasized that alternate or non-DNS domains are not what they seem, stating that:

If [users] click on such a link [to a non-DNS domain], it will fail with an error message that the domain cannot be found. In order for Internet users to connect to such names, the must either install a specific browser, install a special plug-in for their favorite browser, or configure their system to use a specific DNS resolver that will bridge the Handshake blockchain world. (weight added)

Finally, from our perspective, the potential rise of blockchain domains among consumers will follow cryptocurrency – that is, if crypto becomes increasingly popular and a consumer-friendly way for users to buy/sell things (widely accepted), then blockchain domain names can become highly popular and valuable assets among brands and criminals alike – much like domain names.

What should companies and organizations do?

It’s still early days for blockchain domain names, and not entirely clear how things will play out in terms of which currencies will stick around. The most popular right now are Bitcoin, Ethereum and Binance, but the market is very volatile. For those charged with digital and online brand security, it’s important to make sure you’re aware of the space and look at how blockchain domains can impact your business from a growth and liability perspective. A few points to remember:

  • The law still applies, so in the same way that you would trace a domain name registrant in DNS, you can do it via the blockchain – it should actually be easier because it doesn’t hide where things are in the blockchain. Although it is easier to anonymize things and there is no central authority or repository for blockchain domain names, tracking should not be a problem.
  • Domain name companies (like Unstoppable) have internal rules to ensure they don’t hand out brand names to just anyone. In some cases, branded domain names have been set aside and can be claimed for free.
  • Ask intellectual property advisors and brand managers about blockchain domains, see if there is an opportunity for your business in the market, and start asking if your business or users have been affected by fraud using your brand name associated with cryptocurrency or blockchain domains .

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *