With just 676 domains in existence, two-letter .COM names are some of the most sought-after properties on the Internet. Thanks largely to interest from Chinese investors, these names now routinely fetch six and seven-figure prices. Two-letter names are liquid domains that can easily be resold within a matter of days thanks to the number of investors around the World who covet these as assets. It’s this liquidity that can make these a target for domain thieves. Last week, we noticed that the domain CV.com had moved from Network Solutions to GoDaddy and started to display a new website. Typically, this would signify that the domain had sold, but not in this case. It turns out that the domain had been given back to its rightful owner after an investigation by Web.com, owners of registrar Network Solutions. This news came to light after speaking with Amanda Waltz, executive director at Brandit, a brokerage company that marketed the domain for a brief period last year before the theft came to light. According to Amanda, the domain was originally owned by a French company, who sold this valuable name a couple of years ago to a husband and wife, who happen to have a Chinese surname. The thief created an email address that was of Chinese surname decent and transposed two letters. For example, a “@Chiang.com” email address would have been changed to a “@Chaing.com” address, which helped to transfer control of the domain with little detection. According to Amanda, it’s also likely that the thief hacked into the couple’s registrar account for a brief period of time, with the domain transferred to the thief’s possession using that very similar email address. The two-letter domain transferred into the possession of the thief in October 2017, with just the email address subtly changed. This made it extremely difficult for registrars and brokers performing due diligence to spot any problems with the domain. According to DomainIQ's WHOIS history tool, the name moved into the possession of Web.com's legal team in January 2018 following work from Amanda to confront the imposter. Following an investigation, the domain was given back to the original owners and has now been moved under privacy protection to GoDaddy. Securing assets such as CV.com against theft should be a high priority for owners. Many registrars and email services encourage users to introduce two-factor authentication and other security measures to protect their accounts. NamePros own @Paul Buonopane produced an article about domain theft that provides further reading on this matter.