Hey crypto companies: you NEED to use Registry Lock

Registry Lock would have likely prevented two recent crypto attacks.

Picture of lock on bars with the words "Registry Lock" above it in black letters on yellow background

Companies that deal with cryptocurrencies are effectively financial institutions, and they need to take extra precautions to prevent domain hijacking.


Last week, SpiritSwap said that a hacker had “managed to exploit GoDaddy, essentially they have hijacked our domain and copied our codebase” to trick users into sending swaps to a different wallet.

As Molly White of Web 3 is Going Just Great notes, this is likely a case of stolen credentials, not an exploit of GoDaddy. Ditto for an attack the week before involving a MM .finance, a domain at Namecheap.

If a nameserver change or domain theft could directly impact financial transactions, then the companies running these businesses should use Registry Lock. Registry Lock is a service offered by domain name registries through the registrars. Most Registry Lock products prevent people from transferring a domain or changing its nameservers without going through a multi-step process that involves both the registrar and registry.

In the case of Registry Lock on .com domains, which are operated by Verisign, a domain owner who wants to change their nameservers would first contact their registrar. This would trigger a process in which the registry manually verifies the request.

Not all registries offer Registry Lock, and not all registrars offer it even when the Registry does. Donuts, which runs .finance, does not offer it. I would expect it to offer it in the future because Afilias, which Donuts acquired in 2020, offered it.


When I last checked two years ago, GoDaddy didn’t offer Registry Lock, but it does offer TLD-agnostic services that could help prevent theft or hijacking.

Post link: Hey crypto companies: you NEED to use Registry Lock

© DomainNameWire.com 2022. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Original article: Hey crypto companies: you NEED to use Registry Lock

©2022 Domain Observer. All Rights Reserved.