Spaceship

auctions Spend.com auction is crazy!

Spaceship Spaceship
Watch
Impact
156
Anyone following that Spend.com auction over at Dropcatch? Two bidders are going at it. Current high bid is $762,500.

PS: The winning bid appeared to be $702,500, but now the auction has been extended for another 24 hours due to technical difficulties.
 
Last edited:
8
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
4
•••
2
•••
FYI: here is a similar ongoing thread on this topic: https://www.namepros.com/threads/spend-com.1344257/

Assuming it wasnโ€™t an end user purchase, is that the best use of $702,500 worth of capital while keeping within the domain name industry?

What do other investors think?
 
Last edited:
8
•••
Last big auction i followed on DropCatch with end user winning was Medal.com at $185,728 in 2022.

We'll just have to wait and see if it's an end user purchase for this one.
 
2
•••
3
•••
FYI: here is a similar ongoing thread on this topic: https://www.namepros.com/threads/spend-com.1344257/

Assuming it wasnโ€™t an end user purchase, is that the best use of $702,500 worth of capital while keeping within the domain name industry?

What do other investors think?
I'm guessing only a handful of investors have the money to spend $700k on a domain and hold it until they can sell it for 7-figures. If it was an investor, I'm wondering where in that 7-figure range the price tag will land. 5x?
 
1
•••
Last edited:
3
•••
1
•••
I noticed there were some hick-ups in the last 2-3 minutes when I launched the auction in a separate browser tab (API errors showing up in a toaster message). Could be that Sharma tried to add another bid but was unable to due to technical difficulties. Not sure what happened, but the auction seems to continue.
 
2
•••
Reseller market is heating up fellas. Looking good for the end user game.
 
1
•••
End user battle at that point.
 
3
•••
"We are currently addressing issues with auctions ending today and will be extending those auctions."


issues.png
 
Last edited:
5
•••
Could have hand regged 140,000 names at Spaceship instead ๐Ÿคทโ€โ™‚๏ธ
 
15
•••
DropCatch, We are currently addressing issues with auctions ending today and will be extending those auctions.
 
3
•••
How and when does that happen?
They were having problems at the top of DropCatch.com now I see

We are currently addressing issues with auctions ending today and will be extending those auctions.
 
Last edited:
3
•••
3
•••
Does someone know who dropped that name?
 
2
•••
6
•••
4
•••
Assuming it wasnโ€™t an end user purchase, is that the best use of $702,500 worth of capital while keeping within the domain name industry?

What do other investors think?
Bad investment.
 
5
•••
Last edited:
10
•••
7
•••
Unless somebody figured out how to use the spend.com domain to unlock a treasure trove of hidden crypto.

Well, spending crypto is a thing, hence bitpay.com, bitrefill.com, spendcrypto.com, solspend.io (more niche), etc.

One of the top bidders is "sharma". Yes I know Sharma is a common surname, but assuming this craze is crypto related, I cannot help but thinking of this:

https://www.justice.gov/usao-sdny/p...any-sentenced-8-years-prison-ico-fraud-scheme

(disclaimer: just pointing out a coincidence, not connection)
 
4
•••
Well, spending crypto is a thing, hence bitpay.com, bitrefill.com, spendcrypto.com, solspend.io (more niche), etc.

Oh I agree, it's a huge domain with or without finding sunken treasure! $700k is a drop in the bucket for fintech.

I was more so pointing out with how entrenched Spend appered to be in the crypto space, and given the lapse in domain management, it's not inconceivable that access to @spend.com email addresses could be a catch-all to a password reset at an exchange, or a gateway to an area where keys may be stored.

Maybe just a domainer fantasy, but if nothing else it makes for a good chatgpt story prompt:

In January 2025, a domain with a long-forgotten history made headlines: spend.com. Once the home of a now-defunct cryptocurrency wallet service, the domain had been inactive for years following the company's collapse. After its expiration, it was sold for over $700,000 to a buyer with a keen interest in crypto infrastructure and domain-based data recovery.

The new owner, with years of experience in domain acquisition and digital security, had a particular interest in investigating the assets associated with spend.com. Little did they know that this purchase would lead them to uncover an unexpected treasure buried in the remnants of a long-forgotten system.

The Catch-All Email Configuration​

When the buyer acquired spend.com, one of the first things they did was review the domainโ€™s DNS and email settings. Among these settings, they discovered a legacy configuration: a catch-all email address. Any email sent to an address ending in @spend.com would be directed to the same inbox: [email protected]. This was a holdover from the companyโ€™s early days, when the service had been operational and emails for various admin tasks, like password resets and notifications, were routed through this address.

The buyer set up access to the email inbox, expecting some remnants of past system alerts. What they found, however, was far more interesting than anticipated.

Password Reset Requests and Forgotten Data​

Among the incoming emails, one stood outโ€”a password reset request. At first glance, it appeared to be a standard system-generated email sent from an old, decommissioned service associated with spend.com. However, the email included a URL that led to an old password reset page, one that had been left on the system after the company shut down. The URL itself contained a reset token that could potentially allow access to an administrator account on the old platform.

Intrigued, the buyer followed the link and examined the code behind the page. In the HTML, they found a small comment in the source code: "Treasure is not always what it seems. But this password? Itโ€™s the key." This comment appeared to be a leftover artifact from the original system, possibly written by a developer with a sense of humorโ€”or perhaps something more deliberate.

The comment, while cryptic, triggered a realization: this password reset page was still active, and it was tied to the [email protected] account. With the reset token in hand, the buyer initiated the password reset process.

Accessing the Admin Console​

After successfully resetting the password, the buyer gained access to the administrator console of the old crypto wallet platform. The interface was outdated and clunky, but functional enough to allow further investigation. The console contained logs, user accounts, and wallet information, much of which was dormant or irrelevant. However, one account stood outโ€”an โ€œUnclaimed Fundsโ€ wallet, which had been abandoned when the service shut down.

The account, labeled as unclaimed, appeared to contain cryptocurrency assets, though the wallet itself was locked behind an encrypted key. This was a standard practice for wallets associated with user accounts on the platform: in the event of account deactivation or system failure, the private keys to these wallets would remain secure but inaccessible.

The Key Vault​

A deeper dive into the system revealed that spend.com had used a key vault system, a form of backup to protect wallet keys. The backup system was linked to the [email protected] email address for recovery purposes, and the key vault had been configured to send notifications of any key-related actions to this address.

The buyer sifted through the old inbox and found a series of emails that were sent over the years. These emails were mostly system notifications, but some contained fragments of key recovery informationโ€”partial keys, encrypted strings, or backup codes that were used when the service was still active.

Using cryptographic tools, the buyer was able to decrypt these fragments, piecing together the full key needed to access the โ€œUnclaimed Fundsโ€ wallet. The process took several hours, involving multiple decryption attempts, trial and error, and a careful cross-referencing of the data in the email headers.

Unlocking the Wallet​

With the fully reconstructed private key, the buyer was able to access the wallet associated with the โ€œUnclaimed Fundsโ€ account. Inside the wallet, they found a collection of cryptocurrency assetsโ€”tokens, Bitcoin, Ethereum, and several altcoinsโ€”many of which had appreciated significantly since the platformโ€™s closure.

While the amount was substantial, the true value lay in the technical discovery itself. The process of recovering the private key and piecing together the data from old email fragments was a challenge that required knowledge of both cryptographic techniques and domain management.

Conclusion​

The discovery of the hidden crypto wallet was not a traditional treasure hunt. It was the result of careful analysis, technical know-how, and a bit of luck. The domain spend.com, once a simple service for cryptocurrency wallets, became the key to uncovering a significant sum of digital assetsโ€”assets that had been forgotten and left dormant in the system for years.

For the buyer, it was not just about the value of the assets unlocked, but the satisfaction of solving a technical puzzle. The journey involved exploring old email logs, deciphering fragmented keys, and leveraging a catch-all email configuration that had been left behind in the wake of the platformโ€™s collapse.

In the end, spend.com had not just been a domainโ€”it had been a digital time capsule, holding within it the remnants of an old system, a forgotten wallet, and the keys to a crypto treasure that no one had thought to claim.
 
Last edited:
3
•••
  • The sidebar remains visible by scrolling at a speed relative to the pageโ€™s height.
Back