alert [RESOLVED] - Scammed by hacker $3,000 btc pornography.com affiliate.org etc

[Investful]

The sale thread is in another forum.
https://bitcointalk.org/index.php?topic=1722533.msg%msg_id%
and these domain were also listed on hackforum and flippa.

I bought 2 domain from him, paid ~3k in bitcoin.

It went smoothly initially, he actually went first(I thought nothing could go wrong) transferred the domain into my account, and gave me a week to pay it off. A week later, I paid in full.

But few days later, I get a message from the domain company "namecheap/enom" telling me those 2 domain has been "Locked due to pending Transfer Dispute".

send payment to address:
1J8moCzzRg6rdoGv1aqoPJCqrkXhocwNtT
1NmBxpMrY1wqKsWD8HK6n9ZQF6WP5povFK
17An4YMbWeXhkg7nnPumdrgHSgVeut1jbY

Here's are the list of stolen or his domains(how does owner of $100k+ domain not have strong account security).
pornography.com
lurking.com
schoolteacher.com
automating.com
disturb.com
overpopulation.com
affiliate.org
affiliatemarketing.net
TMZA.com

many of these domains were listed in flippa.com a week back.

 

[ison]

https://blockchain.info/ << Use this to trace BTC transactions.

You can try contacting Coinbase support team with proof and let them know what happened. If the recipient was using Coinbase, they might freeze his account.

Coinbase won't lift a finger without a court order.

Bitcointalk is not a place to buy domain names, it infected with scammers..
try to send Theymos a PM with proof..he can help you

Theymos will just ignore you. He is a libertarian extremist, and he believes in the warped definition of the 'free market.' He even rejects the concept of intellectual property. Even proven scammers are not banned from Bitcointalk, aside from a scammer tag.

There was a guy once whose account was hacked and sold (yes, Bitcointalk accounts can be sold). Theymos refused to return the account to the original owner, and instead blamed him for lax account security. It is worth mentioned that the account was resold for 1BTC (IIRC) by someone under the Default Trust list.

 

[deez007]

Hmmm I wonder if you actually contact Namescheap and show them all the proof and give them copies and screen shots of the conversations that took place IF maybe they would be able to see that you have been scammed and then MAYBE they would unlock the domains and release them to your account... then you would be scr*wing the scammer properly cos you would essentially have domains worth $xxx xxx for $3k and he would be the one out of pocket. Win/Win situation if you can manage to convince Namescheap to play ball.

Worth a shot I'd say, sure it might not work but nothing to lose and plenty to gain...

 

[lock]

I saw pornography dot com somewhere advertised recently thought it was cheap but a lot more than that.

 

[Kuffy]

I'd avoid using BTC to pay for domains, or anything of value, in the future.

Why on earth would you say that. With multi-sig, and deferred confirmations, I believe Bitcoin is the best payment option for domains that is currently available. It is non-reversible, and has low fees. A time lock on the spending of the Bitcoin could have allowed you to recover the money.

The problem was not with the payment method, but lies with the domain transfer procedures, and the lack of protection for domain names.

 

[Kuffy]

I had a look at the thread on Bitcoin talk, and there are several red lights.

The poster is a newbie with no trust. That in itself is not a problem, but it does mean one should approach the purchase with caution.

Also, I notice that the seller does not have any negative trust entries. I would have thought that this would be the first thing to do. Please reprt this to one of the global moderators there. to stop others being scammed.

I started a thread in Meta that links to this thread.

 

[Kate]

There are several red flags:

• push first before payment is secured
  
• somebody who owns quality domain names should have received inquiries and unsolicited offers, then they are aware their names have some value (if they didn't know already)
  
• knowing this, they won't post them for sale in a backyard alley but where they are going to get qualified eyeballs
• they should have no incentive to liquidate in a hurry when they can competing bids
  
• of course the seller won't post on specialized (domainer) forums precisely because the domain names would be scrutinized there, especially coming from a new member.

Even if the seller proves that he is in control of the domain, past ownership, record changes etc should always be investigated.
BTC is great for anonymous purchases but if you pay in non-repudiable currency and the seller is anonymous what recourse do you have ? Zero.
Even if the OP gets the domains back, they must belong to another party and should be considered stolen.

Lesson learned: use a payment method that leaves some sort of trail usable for law enforcement. The problem is that domain names being intangible assets they can easily be taken away from you later on.

 

[Kuffy]

Please don't keep trashing Bitcoin. Bitcoin offers one of the best and safest payment methods if it is used properly. It wasn't Bitcoin that was the problem here. In fact the payment went through a Bitcoin mixer, but I'm not sure how you can discover this before you make the payment.

PayPal is the scammers chosen method of payment, and Bitcoin offers a way to escape from this, and at a lower price. Would escrow have worked in this case, if the the payment was released after a succesful transfer that was subsequently reversed.. A time delayed multi-sig Bitcoin payment would have been safer if the seller was prepared to wait. Obviously he wouldn't in this case.

 

[OneOfTheseDays]

as a total newbie this is the first section of this forum i am going to research
best to learn the pitfalls - so many crooks about

 

[Domains - Wanted]

...Would escrow have worked in this case, if the the payment was released after a succesful transfer that was subsequently reversed...

YES, it would help a lot. There would have been a clear record (read: proof) of payment for the domain(s) in question to the very same party that pushed/transferred them.

 

[Kuffy]

There is a proof of payment with Bitcoin. In fact the whole history of payments to a wallet are available for public scrutiny on the blockchain. I assume that the party who pushed the names set up a false id, and this wouldn't have helped with escrow.

It is also possible to register your wallet address in various places, and a careful buyer can reserch those. This is why I suggest that Bitcoin when used sensibly and correctly can be the best form of payment for domain names.

 

[Domains - Wanted]

...I assume that the party who pushed the names set up a false id, and this wouldn't have helped with escrow.

I disagree. The buyer would have paid to the intermediary (escrow) company. Escrow would have forwarded funds to the same party that pushed/transferred the domain. All nicely documented by the escrow intermediary. Hence, no way for this particular scam to succeed with escrow.

 

[Kuffy]

Have I missed something here? I thought this was the sequence -

The deal was negotiated and a price agreed.
The seller transferred the names to the buyer.
The buyer verified that the names were safely in his account, and started to use them.
The buyer sent the money to the seller.
Some time later, the buyer was told that the names were stolen, and they had been removed from his account.

I thought that escrow paid out as soon as the buyer verified the safe receipt of the names. Up until this point the buyer hadn't paid anything. So the payment by the escrow company, and the payment by the buyer would have happened at the same point in the transaction. Hence my comment that escrow wouldn't have been any help. Of course, if the escrow included an element of insurance, then there could have been a claim on that, but that is a different issue.

 

[Domains - Wanted]

Have I missed something here? I thought this was the sequence -

Sorry, I was referring to a model escrow transaction, not this particular scam where there was no space for escrow.

 

[wayne wooldridge]

There doesn't seem to be much that can be done here. The names never belonged to the scammer.

Likely he gained access to the registrants account(s) and just put up the names for sell on a site where nefarious activity is allowed. All he had to do was find someone to take the bait, he transfers names, knowing he had nothing to lose.

Leaving the original owner of the domains to realize his names disappeared from his account. It's not the scammer getting the names back, but the rightful owner. The scammer is laughing his way to the bank while you are left holding the empty bag.

Sorry this happened, but it is very suspicious d someone would just transfer a name like that without payment. Live and learn...

 

[Investful]

How would someone use escrow if the scammer went first, gave me the domain without me paying a penny to him, just by showing him my real name/id/address. I know red flag from hindsight.

Another point, I had the domain secured under my account safely for more then a week~, without any dispute complain during that time, that's why there's 3 different payment in span of a week. It happen just after I paid in full.

According to whois information, the last update date was,
Updated Date: 2016-12-03T02:45:13.00Z
and sale thread date was 12/20/2017
and I bought it in 1/15/2017, and finalize payment sale in January 22, 2017.

The domain was in my hand for a week, and scammer had the domain for a month+. How does namecheap/enom and the original owner have so low of security for 100k+ domains list. 2 months? if any longer the thief would had secured the domain?

 

[MasterOfMyDomains]

I'll knock bitcoin. After reading this, i wont use bitcoin for any transactions until there is an xx,xxx sale in .men
Even if bitcoin is safe now, and it doesnt appear to be. Scammers will figure out different ways to scam with this invisible coin.
Sorry about your loss

 

[Kuffy]

I'll knock bitcoin. After reading this, i wont use bitcoin for any transactions until there is an xx,xxx sale in .men
Even if bitcoin is safe now, and it doesnt appear to be. Scammers will figure out different ways to scam with this invisible coin.
Sorry about your loss

and you would probably use PayPal - the scammers real friend.

You need to read about Bitcoin, and all the features that can be built into secure payments.

This fraud was not about Bitcoin, but about the vulnerabilities in doman name security and transfers.

 

[Kate]

Indeed the problem here is lack of due diligence. BTC makes it more difficult to trace the money to the person behind this scam.
I'm all for anonymity but it's less acceptable for large business transactions.

Where are the original owners of the domains ? Are they even aware of what's going on ?

 

[Kuffy]

Actually Bitcoin is not as anonymous as people think. because everything is recorded on the blockchain foir public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though, The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.

 

[Domains - Wanted]

Actually Bitcoin is not as anonymous as people think. because everything is recorded on the blockchain foir public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though, The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.

Fascinating. And utterly incomprehensible. I'm old

Seriously, thanks for your insights, shorthand that they are. Guess it's time I catch up and make friends with this Mr.Bitcoin...