Internet hackers are widespread and increasingly adept at making quick gains at the expense of others. Whatever they manage to steal is rarely traceable, let alone recoverable. However, a highly unexpected scenario played out recently when a hacker returned Ethereum top-level domains after hijacking them.

According to reports, OpenSea, the digital collectibles marketplace, has opened an auction for Ethereum domains. In this market, “.eth” domains are being auctioned to the top bidders.

What makes these domains unique compared with domains on the standard DNS is that their allocation can be permanent, because it is recorded on the Ethereum blockchain. This makes their subsequent retrieval almost impossible.

How the Hacker Managed to Make Himself the Top Bidder

The uniqueness of these domains makes them a target for professional hackers. The hijacker successfully exploited the auction through the software that distributes Ethereum Name Service (ENS) domains to the highest bidders.

He was able to hijack top-level domains such as defi.eth, appl.eth and many more, despite the fact that he wasn’t the top bidder.

As reported, the hacker made off with 17 top-level domains in the auction. An input validation flaw that the user discovered allowed him to place a bid on one name and be issued a different name.

Other Flaws of the .eth Auction

The auction's flaws were not limited to this one. Lapses were also detected in the authenticity of bids, and some bids were processed incorrectly. Top-level domains such as hodls.eth and bitmex.eth were among those affected by incorrectly placed bids. However, these two domains were not among those exploited by the hacker.

OpenSea blacklisted the affected domains once the anomalies were detected. Even so, the marketplace asked the hacker to return the stolen domains so that they could be re-auctioned.

The hacker was urged to return the stolen domains, with 25% of the final auction price, together with the main bid, offered as a reward. The hijacker eventually returned the domains, as OpenSea indicated on Twitter.

Finally, OpenSea asked its community to get ready for the re-auction of the returned ENS domain names and promised to contact the bidders by email as soon as everything is set for the auction.