Recent Posts
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
- .free domains to finally arrive as Amazon reveals three gTLD launches
- Six more gTLDs shown the door, five may be auctioned
- Registrar terminated after ignoring Whois transition
- $10 million ICANN giveaway winners picked
- Whois officially died today
- Typo left MasterCard open to hackers for years
- Could ICANN approve an R-word gTLD?
- These are the TLD growers and shrinkers of 2024 (part two)
- GoDaddy ordered to stop lying about crappy security
- These are the TLD growers and shrinkers of 2024 (part one)
- Dead terrorist domains for sale, just without the hyphens
- ICANN eyes more price hikes as it predicts dismal year for industry
- Meet the six people battling to join ICANN’s board
- New gTLD use cases not much use
- Defensive dot-brands are renewing, making ICANN millions
- Identity Digital offers free domain trials through LinkedIn
- Antisemitic remarks cost registrar dearly
- ICANN lawyers want to keep their clients secret
- Facebook cybersquatter asks ICANN to overturn UDRP ruling
- .xxx founder Stuart Lawley has died
- The new gTLD Next Round is really happening as two ICANN programs go live
- Verisign has much to be thankful for as .com contract renewed
- Another 40,000 .ai domains registered
- RDRS usage hits new low
- A dot-brand that was actually used is shutting down
- .id joins the million-domain club
- GoDaddy’s .xxx contract renewed
- Twitter clone Bluesky has one feature domain people should like
- ICANN confirms two bans on new gTLD gaming
- eBay slogan domain no longer has a BIN price
- Will Donald Trump be .io’s white knight?
- As customers flee legacy gTLDs, .org tops 11 million names
- Company accidentally puts porn domain on kids’ toys
- eBay’s new slogan looks like a $75,000 domain it doesn’t own
- Americans are deserting .com
- Weak Q3 for the domain universe, Verisign reports
- ICANN says it WILL raise its domain taxes soon
- Senator says domain industry “enables” Russian disinfo attacks
- bit.ليبيا? Libya to get its Arabic ccTLD
- Verisign gets eight more years running the root
- Two-horse race for open ICANN board seat
- Chinese say internet not ready for single-letter gTLDs
- Unloved INTA slams ICANN over new gTLDs
- Namecheap scores win in .org price-cap lawsuit
- Some Guy wants to take over .com and .net
- Second-shot gTLD bid rules revealed
- Nominet names directors after tight election
- Lawyer ban coming to ICANN
- Identity Digital to take over .ai
- ICA teams up with WIPO on UDRP reform
- Response to sex harassment lawsuit “inadequate”, say ICANN vets
- Unstoppable tops four million names
- Amazon readying fashion and book gTLDs
- Five times ICANN deleted a ccTLD, and what it means for .io
- Future of .io domains uncertain as UK hands over Chagos islands
- .ai now has over half a million names
- UK and Israel cut ICANN funding
- Twitter now up-to-date on linkification
- Moment of truth as .music domains finally go on sale
- ICANN fixes embarrassing “What is a Domain Name?” mistake
- Another ccTLD opens up its second level
- Reporter gains first access to .io island for decades
- .io sells $40 million of domains after massive uptick
- After five years, “useless” TLD has two web sites
- Verisign agrees to .com takedown rules
- New .com contract could see ALL domain prices go up
- Investing in .ad domains may be risky
- Plurals ban policy handed to ICANN board
- Three .now domains sell at premium EAP prices
- ICANN confirms new gTLD application fee
- New gTLD application fee rises by thousands after collision call
Yeah, we got phished, ICANN admits after crypto hack
ICANN has confirmed that a phishing attack was responsible for the hacking of its Twitter account last night.
The Org placed this statement, which suggested that the attack may have been more sophisticated than you might have thought, on its home page earlier this evening:
On 11 February 2025, ICANN became aware of a successful phishing attack on our ICANN X [Twitter] account. We are investigating the root cause of the issue and working to resolve it as soon as possible. ICANN uses multi-factor authentication on all social media platforms and has confirmed that none of our other accounts have been impacted.
The hack saw ICANN’s Twitter account tweet several messages promoting a newly created memecoin cryptocurrency called $DNS, presumably to scam would-be investors out of money.
The compromise, which seemed to be timed to close of business in ICANN’s home in California, did not last long and the tweets were swiftly deleted.
Now ICANN seems to have confirmed that one of its staffers was phished to obtain @ICANN’s login credentials, but the fact that the account was protected by multi-factor authentication creates an additional wrinkle.
Twitter offers three MFA methods — codes delivered via SMS, a mobile authenticator app, or a hardware token.
In each case, logging in requires the user to have a physical device in their hand to create the secondary login credential. The victim would have had to provide this time-limited one-time password to the attacker too.
I hope the staffer who got suckered, presumably a member of the comms team, isn’t getting too much of a bollocking today, as these kinds of attacks are increasingly sophisticated and managing online life increasingly complex.
Just a day earlier, the well-known BBC political journalist Nick Robinson, who presents the popular Today show on Radio 4, got phished in what one assumes was a very similar way and for an identical purpose.
This BBC article goes into some detail about the attack on Robinson, including screenshots of the phishing email he fell for, and goes a way to explain how even somebody trained to avoid this kind of stuff can have a moment of vulnerability.
While few of Robinson’s one million Twitter followers could have seriously believed that Today had launched a memecoin, it’s more plausible that somebody familiar with crypto and somewhat aware of ICANN could have believed that ICANN would. The two areas of tech increasingly intersect nowadays.
When the attack proved successful, the bad guy must have thought all of her Christmases had come at once.
ICANN says it is going to post more information to its cybersecurity incident log as its investigation progresses.
If it turns out the phish was successful because somebody didn’t check the domain name of the link they were clicking on, it could be fascinating reading.
ICANN hacked to promote crypto scam
ICANN’s Twitter account appeared to be hacked briefly last night, and was used to promote what looks like a pump-and-dump cryptocurrency scam.
A series of tweets from the official @ICANN account plugged a memecoin named $DNS from around 0200 UTC today, just when ICANN’s California crew would have been clocking off for the day.
“2025: The Internet Gets Its Own Currency. @icann is redefining digital ownership with $DNS – the first memecoin to merge domain governance & Web3 culture,” one of the tweets read, according to a screen capture from domain lawyer John Berryhill.
ICYMI pic.twitter.com/f8R3AzaLaO
— John Berryhill (@Berryhillj) February 12, 2025
The posts linked to dnscoin.org, which at the time was a live web site promoting “$DNS. Own the Internet Again. ICANN’s decentralized memecoin for domain governance”, according to what little remains visible in Google’s index.
The domain, which had been registered for years, has already been deleted entirely. Not suspended. It’s just gone.
ICANN seems to have restored control over its Twitter account fairly quickly, but Berryhill’s caps show the scam tweets were viewed by at least a couple thousand of @ICANN’s 104,000 followers.
The apparent scam appears to be either a modern-day pump-and-dump scheme, where investors hype up a crypto coin only to cash out when its value peaks, or what crypto investors call a “rug pull”, which is more akin to straightforward theft.
Either way, it seems possible that some people may have lost some money, and ICANN’s not-great reputation for security has certainly suffered another embarrassing setback.
It seems likely that @ICANN either had a weak password, or somebody with access to the account got their device compromised in some way.
ICANN, no doubt sifting through the evidence this morning, has yet to publish an official statement.
Is this the first Next Round new gTLD contention battle?
It had to happen sooner or later. With a few dozen would-be new gTLD applicants breaking cover over the last year or so, we seem to have our first clash and our first potential 2026-round contention set.
The sought-after contested gTLD is .chain, which now has two announced hopefuls after blockchain-based alternative naming system Freename.io yesterday revealed it wants the string.
“The company intends to apply for .chain, .token, .metaverse and a variety of other gTLDs,” Freename said. “Freename will also submit applications on behalf of third-party customers in this new gTLDs round.”
Freename, if it follows through, is likely to face competition from at least one other applicant, a company called 3DNS, which in June announced plans to apply for .chain and .super.
3DNS has Intercap as its registry partner, while Freename is partnered with registry ShortDot on a joint venture called WebUnited.
Freename already sells blockchain-based names that use .chain as an extension, while 3DNS sells third-level DNS domains under .chain.box that it hopes to upgrade to second-level names should it win the ICANN contest.
In truth, I’d be incredibly surprised if these are the only two companies to apply for .chain, which is a shortened version of “blockchain” and likely to be an attractive string with the whole crypto/”Web3″ crowd.
Under ICANN’s under-development rules, the exact process for resolving contention sets is still up in the air, with more clarity hoped for over the next few months.
ICANN has confirmed that it intends to ban private auctions in the next round, but has also come up with a new second-choice alternate string option that is already causing grumbling in the policy-making community.
D3 to get $5 million in crypto to apply for .ape gTLD
New gTLD consultancy D3 Global has inked a deal to apply for the .ape gTLD on behalf of the ApeCoin community.
The company said in a blog post that it will receive three million $APE — cryptocurrency coins currently worth about $5 million, according to Coinbase — in order to apply to ICANN for, operate and market .ape domains.
As it has with other clients, it will first launch *ape names that can only be used on the relevant blockchain to address crypto wallets and such. D3 uses an asterisk to differentiate blockchain names from real domains.
The deal came about after D3 submitted a proposal to the ApeCoin DAO. That’s a Decentralized Autonomous Organization that allows any ApeCoin holder to have a vote in the development of the ApeCoin ecosystem. They voted overwhelmingly in favor of D3’s proposal.
The DAO will receive 50% of gross revenue from *ape and .ape sales under the deal, but D3 says it will retain exclusive rights to .ape. Presumably this is because there’s no way in hell ICANN’s lawyers are going to allow it sign a registry contract with a DAO.
The business plan proposal is quite detailed for a public document, containing stuff like revenue projections that ICANN will redact from published gTLD applications. D3 reckons it could be turning over about $8 million with 90,000 registered .ape names by its fourth year.
“It’s simple, Ape Names are built by Apes, for Apes,” D3 said. As well as quite the most ludicrous quote I’ve used in a considerable while, it also happens to be Technically The Truth when said of any TLD, when you think about it.
But it’s actually a reference to the fact that a few of the D3 C-suite are owners of Bored Ape Yacht Club and Mutant Ape Yacht Club NFTs — those expensive little crypto chimp avatars that people sometimes use in their social media bios.
D3 CEO Fred Hsu apparently owns this ape picture, which is “worth” almost $37,000. Fellow co-founder Paul Stahura has a whole collection.
In other news, there’s still no cure for cancer.
D3 signs up crypto gTLD client number five
New gTLD consultancy D3 Global has signed up its fifth blockchain gTLD client since launching last September.
The company today announced a deal with Core Chain to apply for .core when ICANN next opens a new gTLD application window, currently expected mid-2026.
Core Chain makes a software platform for developers that want to building decentralized applications on blockchains. It says it has over five million connected cryptocurrency wallets.
D3 has recently announced similar partnerships with NEAR Foundation (.near), Gate.io (.gate), Viction (.vic) and Shiba Inu (.shib).
The company says its mission is to help blockchain companies operate on the traditional DNS as well as the blockchain-based alternate naming systems.
GoDaddy offers free Ethereum blockchain integration
GoDaddy has updated its domain management platform to allow users to add their Ethereum blockchain wallet addresses to their domains for free.
The registrar said it has partnered with Ethereum Name Service to offer the service, which will enable mutual customers to transact with ETH cryptocurrency using regular domain names instead of the massive gibberish strings crypto wallets usually use.
It’s free, due to ENS’s release last week of gasless DNSSEC, which links Ethereum to DNS by placing wallet addresses in the TXT records of domain names.
Before this update, ENS said the crypto transaction fees (“gas fees”) involved in validating domain ownership could reach as high as 0.5 ETH, which is over $1,100 at today’s prices.
The GoDaddy integration means the process of adding the TXT records has been simplified and can the accomplished in just a few clicks via the usual domain management interface.
Using ENS with your domain does require turning on DNSSEC, which adds some security benefits but also carries a downtime risk over the long term.
Shiba Inu outs itself as crypto new gTLD applicant
Shib, the developer behind the Shiba Inu cryptocurrency, said today that it plans to apply to ICANN for the .shib top-level domain.
The idea is to have the domain in the consensus DNS root and also in a blockchain and to make the two interoperable.
The company has partnered with D3 Global, the startup launched in September by industry veterans Fred Hsu, Paul Stahura and Shayan Rostam, to work on the application and interoperability platform.
Shib seems to be the second customer for D3. It’s also working with a blockchain company called Viction on .vic.
Perhaps erring on the side of responsibility, D3 is using an asterisk instead of a dot when offering names prior to ICANN approval, so it’s *shib and *vic instead of .shib and .vic.
The next ICANN application round is not expected to open until early-to-mid-2026.
ICANN turns down money from blockchain alt-root
It seems ICANN is turning down free money from blockchain alt-root providers, apparently as a matter of principle.
We hear one such alt-root, Freename.io, tried to sponsor the upcoming ICANN 78 meeting in Hamburg, but was rebuffed.
“At this time, ICANN is not interested in having Freename serve as a sponsor and will not be moving forward with a sponsorship agreement,” the Org told the company in an unsigned email.
Freename had offered to be a general sponsor, and not at the cheapest tier, I’m told.
ICANN sponsorship offers typically start in the low thousands but can get up to six figures at the higher tiers. Sponsorship is overall a very small part of ICANN’s revenue.
Org has become increasingly rattled in recent years with the proliferation of alt-roots, which have been gradually gaining market acceptance while ICANN’s own efforts to expand the domain universe languish in interminable policy knots.
ICANN delayed the sale of the UNR portfolio of gTLDs until buyers renounced their ownership rights to blockchain versions of their authoritative root strings.
Clearly, splashing an alt-root’s branding all over an ICANN stage would be seen as problematic.
Freename.io plans to attend the Hamburg meeting anyway.
.art links DNS and alt-root ENS
UK Creative Ideas, the .art gTLD registry, has started offering its registrants the ability to register names on the blockchain-based alt-root Ethereum Name Service that exactly match their DNS names, for a one-time fee.
CMO Jeff Sass said that for $20, paid in Ethereum coin, registrants can secure their exact-match on the ENS, with no renewal fees.
There’s an authentication system using DNS TXT records to make sure only .art DNS registrants can obtain their matching ENS names, he said.
“We’ve married the two together, so there can’t be any confusion or collisions,” he said.
The benefit of this is that registrants will be able use their .art domains to address their cryptocurrency wallets. Web browsers that support ENS obviously already support DNS, so there’s no real benefit in that context.
.ART is also selling ENS .art names without matching DNS names — and these can include ICANN-prohibited characters such as emojis — but these are priced from $5 to $650, based on character count, and have annual renewal fees.
.art current has about 230,000 registered names, a pretty respectable number for a new gTLD, and Sass said about 60% of them are in the form of firstnamelastname.art, suggesting usage by professional and amateur artists.
gTLD registries selling matches in alt-roots has been a cause of concern at ICANN over recent years, due to legal concerns. Uniregistry’s sale of its portfolio was held up for months because of this.
It’s ICANN versus the blockchain in Kuala Lumpur
Internet fragmentation and the rise of blockchain-based naming systems were firmly on the agenda at ICANN 75 in Kuala Lumpur today, with two sessions exploring the topic and ICANN’s CTO at one point delivering a brutal gotcha to a lead blockchain developer.
Luc van Kampen, head of developer relations at Ethereum Name Service, joined a panel entitled Emerging Identifier Technologies, to talk up the benefits of ENS.
He did a pretty good job, I thought, delivering one of the clearest and most concise explanations of ENS I’ve heard to date.
He used as an example ICANN’s various handles across various social media platforms — which are generally different depending on the platform, because ICANN was late to the party registering its name — to demonstrate the value of having a single ENS name, associated with a cryptographic key, that can be used to securely identify a user across the internet.
Passive aggressive? Maybe. But it got his point across.
“We at ENS envisage a world where everyone can use their domain as a universal identifier,” he said. Currently, 600,000 users have registered 2.4 million .eth domains, and over 1,000 web sites support it, he said.
He described how ENS allows decentralized web sites, is managed by a decentralized autonomous organization (DAO) and funded by the $5 annual fee for each .eth name that is sold.
Van Kampen had ready responses to questions about how it would be feasible for ENS to apply to ICANN to run .eth in the consensus root in the next new gTLD application round, suggesting that it’s something ENS is thinking about in detail.
While not confirming that ENS will apply, he described how a gateway or bridge between the Ethereum blockchain and the ICANN root would be required to allow ENS to meet contractual requirements such as zone file escrow.
What did not come up is the fact the the string “eth” is likely to be reserved as the three-character code for Ethiopia. If the next round has the same terms as the 2012 round, .eth will not even enter full evaluation.
But the real gotcha came when ICANN CTO John Crain, after acknowledging the technology is “really cool”, came to ask a question.
“What kind of safeguards and norms are you putting in place regarding misbehavior and harm with these names?” Crain asked.
Van Kampen replied: “Under the current implementation of the Ethereum Name Service and the extensions that implement us and the integrations we have, domains are unable to be revoked under any circumstances.”
“So if I understand correctly, under the current solution, if I’m a criminal and I register a name in your space, I’m pretty secure today,” Crain asked. “I’m not going to lose my name?”
Van Kampen replied: “Under the current system, everything under the Ethereum Name Service and everything registered via us with the .eth TLD are completely censorship resistant.”
Herein lies one of the biggest barriers to mainstream adoption of blockchain-based alt-roots. Who’s going to want to be associated with a system that permits malware, phishing, dangerous fake pharma and child sexual abuse material? Who wants to be known as the maker of the “kiddy porn browser”?
If I were Crain I’d be feeling pretty smug after that exchange.
That’s not to say that ICANN put in a wholly reassuring performance today.
Technologist Alain Durand preceded van Kampen with a presentation pointing out the substantial problems with name collisions that could be caused by blockchain-based alt-roots, not only between the alt-root and the ICANN root, but also between different alt-roots.
It’s a position he outlined in a paper earlier this year, but this time it was supplemented with slides outlining a hypothetical conversation between two internet users slowly coming to the realization that different namespaces are not compatible, and that the ex-boyfriend of “Sally” has registered a name that collides with current boyfriend “John”.
It’s meant to be cute, but some of the terminology used made me cringe, particularly when one of the slides was tweeted out of context by ICANN’s official Twitter account.
To learn more about alternative naming systems, read #ICANN's OCTO publication >> https://t.co/LFYjy1KX3w | Emerging Identifier Technologies #ICANN75 pic.twitter.com/mWN7fCc7eR
— ICANN (@ICANN) September 21, 2022
Maybe I’m reading too much into this, but it strikes me as poor optics for ICANN, an organization lest we forget specifically created to introduce competition to the domain name market, to say stuff like “Market, you are a monster!”.
I’m also wondering whether “icannTLD” is terminology that plays into the alt-root narrative that ICANN is the Evil Overlord of internet naming. It does not, after all, actually run any TLDs (except .int).
The language used to discuss alt-roots came under focus earlier in the day in a session titled Internet Fragmentation, the DNS, and ICANN, which touched on blockchain alt-roots while not being wholly focused on it.
Ram Mohan, chief strategy officer of Identity Digital and member of ICANN’s Security and Stability Advisory Committee, while warning against ICANN taking a reflexively us-versus-them stance on new naming systems, wondered whether phrases such as “domain name” and “TLD” are “terms of art” that should be only used to refer to names that use the consensus ICANN-overseen DNS.
We ought to have a conversation about “What is a TLD”? Is a TLD something that is in the IANA root? Is a domain name an identifier that is a part of that root system? i think we ought to have that conversation because the place where I worry about is you have other technologies in other areas that come and appropriate the syntax, the nomenclature, the context that all of us have worked very hard to build credibility in… What happens if that terminology gets taken over, diluted, and there are failures in that system? … The end user doesn’t really care whether [a domain] is part of the DNS or not part of the DNS, they just say “My domain name stopped working”, when it may not actually be a quote-unquote “domain name”.
Food for thought.
Recent Comments