Hacker Returns Stolen Ethereum Domains Names; Offered 25% Of Auction As Bug Bounty Reward
It’s easy to fall into a lull of new technology. To accept that everything new that comes your way, and is already tested for every possible mishap.
A hacker broke this illusion when they first stole, then returned the 17 Ethereum Name Server (ENS) domain name's to OpenSea. They managed to exploit a bug that allowed them to buy the ENS domains for a lower bid than everyone else. Whoever it was tried to capitalize on their discovery, but was already within Opensea’s radar before they could get a large number of domains.
Among the short names of their acquisitions, apple.eth, love.eth, and wallet.eth stand at the forefront. Highly lucrative domains to own and then sell back to major groups. The way blockchain works is a beautiful thing, but it's sheer immutability made it impossible for OpenSea to get it back after the hacker had captured them. Their only option was to blacklist the names and ask the hacker very nicely to give it back.
And the hacker did, but not out of love and charity. OpenSea promised the hacker a hefty 25% commission on every auction of the domain names they gave back. Whether or not the hacker’s intents were genuine or not, it’s honestly impossible to say.
The mystery with hackers, mainly unidentified ones like this one, is the intent. There are white hats, those out to better the Internet as a whole with their hacks. There are black hats, those out just for their own personal gain. There are even red hats, a weird mix of both.
OpenSea Owns Up, Plugs the Leak, Returns to Business
OpenSea had released an official statement apologizing for the exploit even existing. It’s sometimes easy to forget that massive bodies like these can also only be human. This hacker that captured those 17 domain names is the only one that managed to exploit an existing bug and get noticed. OpenSea is asking all individuals who gained ENS domains unfairly to return it, promising the same 25% commission for each.
They stated they’re going to extend invalidated auctions and plug the leak that made it happen to begin with. They’re going out of their way to notify users who suffered from the bug so they will have a clean, fair chance at winning the bids they were aiming for.
After that, it’s back to business, probably older and wiser from experience. Blockchain is the future, but the future is untested. It’s something many people forget in their over-eagerness to go to the new, profitable ideas of the future. OpenSea was not the first, nor will it be the last entity to make a mistake. It’s only their crack team that stopped the hacker from gaining more names as they slowly mapped out the exploit to its fullest extent.
In other news, Opensea promises to make a more enticing UI as well, and are going forward, stronger than they were before this.