Cache of 25 LLLL .com domains stolen from a GoDaddy account


Warning: Stolen domains!

It’s time to emphasize, once again, one important action for domain investors:

Enabling two factor authentication when your domain registrar allows it, can save your domains.

In the case of a newly disclosed domain theft, 25 four letter (LLLL) .com domains were stolen from a GoDaddy account.

Their owner utilized two factor authentication for a while, but apparently the SMS messages would take a long time to arrive in his country.

Delays in SMS delivery is yet another issue; domain registrars such as Uniregistry, and eNom use the Google Authenticator app, while offers a USB fob.

The stolen domains were moved to registrars Namesilo and 22.CN in China – the latter, hardly a surprise.

Here is the list of stolen domains:


Do not buy these domains, they are currently in the possession of a thief!

Copyright © 2022 · All Rights Reserved.


9 Responses to “Cache of 25 LLLL .com domains stolen from a GoDaddy account”
  1. Domain Observer says:

    The real problem is hackers just break into a registrars’ server and move domains from it to another (by breaking in, too) without the hassles of logging in or 2fa. Totally without any fault on the side of the losing domain holder.

  2. DomainGang says:

    Domain Observer – As far as I know, this only happened with Moniker last year. The vast majority of domain theft occurs by using phishing emails. Two factor authentication is a must.

  3. Domain Observer says:

    What I am saying is hackers do it without phishing emails because they don’t follow the log-in process. Why should they need a password to break in? They simply break in an apartment without a key, in other words. I am sure technicians know this, but don’t speak openly.

  4. DomainGang says:

    Domain Observer – As I explained, this occurred (confirmed) with the mass breaching of Moniker accounts, last year. The onus is on the registrant to ensure they don’t fall prey to phishing emails & to enable two factor authentication – that’s how 99% of domain thefts occur.

  5. Domain Observer says:

    I am the guy who actually suffered from this kind of domain stealing several (perhaps 5-6 years ago, I don’t exactly remember) years ago. There were no phishing emails to me and I usually don’t open strangers’ email, let alone clicking links in emails.

  6. Domain Observer says:

    I even don’t click any link in emails from my domain registrar. Domain registrars should stop this practice.

  7. DomainGang says:

    Which registrar was it? How did you confirm there was a security breach at their end?

  8. Domain Observer says:

    It was one of the Asian registrars. I don’t want the name to be disclosed at this point in time because it has something to do with their business reputation and helped successfully recovering my domain anyway. There was no notice from the registrar to me about the domain transfer, which should be in a normal transfer case. They didn’t even know my domain was transferred from my account until I told them. And I never used my id and password in any case other than logging into the registrar’s own website.

  9. Hire Domains says:

    Thanks for making this public

Leave a Reply

Your email address will not be published.

 characters available