Metamask.com: Crypto wallet company is a Reverse Domain Name Hijacker

Metamask, a company formed to assist with crypto wallet transactions via the browser, was found guilty of engaging in Reverse Domain Name Hijacking.

What happened: The company operates from Metamask.io and they filed a UDRP to usurp the domain Metamask.com.

Why did the UDRP fail: The domain Metamask.com was registered in 2005, long before Metamask was founded.

The Respondent is based in Cyprus and acquired the disputed domain name for use in association with software it was developing for design of custom e-cards and it has made demonstrable preparations to use the disputed domain name before having notice of this dispute.

Adam Taylor, sole panelist at the WIPO, ordered the domain Metamask.com to remain with the Respondent. He also found the Complainant guilty of Reverse Domain Name Hijacking.

Final note: Companies using .IO domains often upgrade to the matching .com by means of paying fair market price for them, as in the case of OpenSea.io that acquired OpenSea.com on Sedo for a reported $100,000 dollars, and unlike Spase.io, whose owner filed a UDRP three times, losing every time.

WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
Consensys Software Inc. v. Justin Pietroni, Netymology Ltd.
Case No. D2021-3337

1. The Parties

The Complainant is Consensys Software Inc., United States of America (“United States”), internally represented.

The Respondent is Justin Pietroni, Netymology Ltd., Cyprus, represented by Lee & Hayes, United States.

2. The Domain Name and Registrar

The disputed domain name <metamask.com> is registered with eNom, LLC (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on October 7, 2021. On October 12, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On October 12, 2021, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on October 13, 2021, providing the registrant and contact information disclosed by the Registrar, and inviting the Complainant to submit an amendment to the Complaint. The Complainant did not file an amended Complaint. The Center received an email communication from the Respondent on October 19, 2021.

The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on October 25, 2021. In accordance with the Rules, paragraph 5, the due date for Response was November 14, 2021. The Respondent submitted a response on November 12, 2021. The Center notified the commencement of Panel appointment process on November 16, 2021.

The Center appointed Adam Taylor as the sole panelist in this matter on November 29, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
4. Factual Background

The Panel considers it helpful to set out the factual background chronologically.

The Respondent registered the disputed domain name on January 28, 2005.

Since around 2016, the Complainant and its predecessors have supplied a web browser extension known as “MetaMask”, which is designed to facilitate various cryptocurrency/blockchain activities. The Complainant operates a website at “www.metamask.io”, from where its MetaMask extension can be downloaded.

On November 20, 2017, Aaron James Davis applied for a United States trade mark for METAMASK, in class 9. This trade mark, which refers to a first use date of 2016, was registered on July 3, 2018, under number 5507510.

The Complainant was incorporated on June 30, 2020.

On July 20, 2021, a person using the name Alex Schleifer contacted the Complainant via its customer service channel and stated: “Hi. I own the Metamask.com domain name. I wasn’t actively looking to sell it but just received an offer from someone. Thought I’d reach out to you before I committed to selling it. I’ll hold off on selling it for a week or so. Please forward to the appropriate person.” In response to an email from the Complainant enquiring about the asking price, Mr Schleifer replied on July 23, 2021, stating: “I’ve received another interesting offer and wanted to make sure to ask you folks first. We’ve owned this domain for years and there has a been a fair amount of interest lately. He went on to moot a price of ‘6-7 figures’”.

On October 5, 2021, the Complainant emailed Alex Schleifer (to a different email address from the one it used previously) informing him that it appeared that someone had used his identity to try to sell it a domain name relating to one of its brands and claiming that that person had engaged in phishing and fraud campaign after the Complainant declined to buy the disputed domain name. The Complainant asked that, for the purposes of its proposed domain name dispute complaint, Mr Schleifer confirm that he was not the person who approached the Complainant to sell the disputed domain name to the Complainant and that he did not otherwise own the disputed domain name.

Mr Schleifer’s attorney emailed a response on October 6, 2021, stating that Mr Schleifer did in fact own the disputed domain name and insisting that Mr Schleifer had not been involved in a phishing scheme. The attorney stated that his client took the claims seriously and asked for a call to discuss the situation. The Complainant did not respond.

On October 27, 2021, the above registered trade mark was assigned to the Complainant.

5. Parties’ Contentions

A. Complainant

The following is a summary of the Complainant’s contentions.

The Complainant has rights in the mark METAMASK deriving from the registered trade mark and from its use in connection with the Complainant’s software.

The disputed domain name is identical to the Complainant’s trade mark.

The Respondent lacks rights or legitimate interests with respect to the disputed domain name.

The Complainant has not authorised the Respondent to use its trade mark, which is not descriptive. To the best of the Complainant’s knowledge, the Respondent has never been known by the disputed domain name. On the contrary, the Respondent has adopted a fake identity in its dealings with the Complainant.

The Respondent has not used or demonstrated any preparations to use the disputed domain name in connection with a bona fide offering of goods or services. The disputed domain name has not been meaningfully used for commercial purposes since the Complainant’s trade mark was registered. The Respondent’s attempt to sell the disputed domain name show that the Respondent never intended to use the disputed domain name for bona fide purposes.

Furthermore, the Respondent has used the disputed domain name to defraud the Complainant’s customers by confusing them into thinking that the disputed domain name was connected with the Complainant, including by means of phishing emails, and by inducing them to reveal their passwords in order to steal their funds.

The disputed domain name was registered and is being used in bad faith in that the Respondent (1) solicited the Complainant to buy the disputed domain name for “6 to 7 figures” and (2) used the disputed domain name to defraud Internet users.

B. Respondent

The following is a summary of the Respondent’s contentions.

The Complainant’s registered trade mark rights did not exist when the Complaint was filed because the registered trade mark was only assigned to the Complainant thereafter. Nor has the Complainant argued for acquisition of secondary meaning insofar as it relies on common law rights.

The Respondent possesses rights or legitimate interests in the disputed domain name.

The Respondent acquired the disputed domain name for use in association with software it was developing for design of custom e-cards and it has made demonstrable preparations to use the disputed domain name before having notice of this dispute.

The Respondent did not interact with the Complainant using a fake identity, a claim which the Complainant knew to be untrue as the Respondent’s attorney had emailed it to confirm the position.

The Respondent has not engaged in any phishing or fraud. The disputed domain name has experienced almost no traffic in the last 10 years and the mail configuration has been blank for at least four years. A third party has spoofed an email address incorporating the disputed domain name. The relevant links in a phishing email, and a customer complaint email, in fact lead to websites that are not connected with the disputed domain name itself. The Complainant’s serious accusations regarding criminal conduct are unfounded and could have been disproven by a simple and routine investigation.

The disputed domain name has not been registered and used in bad faith.

The Respondent has not engaged in a criminal scheme.

Furthermore, the Complainant must prove both registration and use in bad faith. Even if the Complainant has rights in the term “Metamask”, the Respondent’s registration of the disputed domain name predates such use by a decade. The Respondent could not have been aware of the existence of the Complainant when it registered the disputed domain name and could not have acquired the disputed domain name for the purpose of sale to the Complainant.

The Complainant has engaged in reverse domain name hijacking.

Rather than continue to negotiate in good faith, the Complainant filed this proceeding alleging that the Respondent was using a fake identity and was engaged in a criminal enterprise, whilst ignoring correspondence from the Respondent’s attorney concerning these matters.

The Complainant’s accusations of criminal conduct are objectively baseless. Either the Complainant did not engage in a reasonably prudent investigation into its evidence of criminal activity, or it ignored the plain evidence that the Respondent was not the guilty party.

Furthermore, the nature of the negotiations show that the Complainant did not actually believe that the Respondent was acting in bad faith.

The Complainant has abused this administrative proceeding. No factors are in the Complainant’s favour and there was no prospect that it would prevail.

6. Discussion and Findings

Under the Policy, the Complainant is required to prove on the balance of probabilities that:

– the disputed domain name is identical or confusingly similar to a trade mark in which the Complainant has rights;

– the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

– the disputed domain name has been registered and is being used in bad faith.

A. Preliminary – Identity of the Respondent

The Registrar has identified Justin Pietroni, Netymology Ltd. as the registrant(s) of the disputed domain name. The Response, which is filed on behalf of Netymology Ltd., states that Alex Schleifer is associated with that company and has authority to act on its behalf. In these circumstances, all references to “the Respondent” below should be treated as including all of these persons/entities except where otherwise stated.

B. Identical or Confusingly Similar

The Complainant relies on a registered trade mark for METAMASK. The Respondent objects that this trade mark was only assigned to the Complainant after the date of filing of the Complaint. However, the trade mark was formerly owned by Aaron Davis, who the Panel understands is the founder of the Complainant. In these circumstances, the Panel thinks it reasonable to infer that the Complainant has rights in the trade mark for the purpose of standing to file the Complaint – see section 1.4.1 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”).

Disregarding the Top-Level Domain (“TLD”) suffix, the disputed domain name is identical to the Complainant’s trade mark. Accordingly, the Panel finds that the Complainant has established the first element of paragraph 4(a) of the Policy.

C. Rights or Legitimate Interests

It is unnecessary to consider this element in light of the Panel’s finding under the third element below.

D. Registered and Used in Bad Faith

Section 3.8.1. of the WIPO Overview 3.0 observes that, except for limited circumstances involving registration of a domain name to capitalise on nascent trade mark rights, panels will not normally find bad faith on the part of the respondent where a respondent registers a domain name before the complainant’s trade mark rights accrue.

It is not in dispute that the Respondent acquired the disputed domain name in 2005, whereas the Complainant’s trade mark rights only arose in 2016 at the earliest.

As the Complainant and its rights did not exist in 2005, the disputed domain name could not have been registered in bad faith. This is fatal to the Complainant’s case, irrespective of the nature of any later use1 of the disputed domain name, as the Complainant is required to prove both registration and use in bad faith.

For the above reasons, the Panel considers that the Complainant has failed to establish the third element of paragraph 4(a) of the Policy.

E. Reverse Domain Name Hijacking

Paragraph 15(e) of the Rules provides that, if “after considering the submissions the panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain-name holder, the panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding”. Reverse Domain Name Hijacking (“RDNH”) is defined under the Rules as “using the UDRP in bad faith to attempt to deprive a registered domain-name holder of a domain name”.

See examples of the reasons articulated by panels for finding RDNH at section 4.16 of the WIPO Overview 3.0.

The Panel considers that the following circumstances, taken together, warrant a finding of RDNH.

First, the Complainant has failed by a large margin. In the Panel’s opinion, the Complainant knew or at least should have known that it could not prove one of the essential UDRP elements. The Complainant quoted extensively from UDRP case law and the Panel thinks it unlikely that the Complainant was unaware of the current overwhelming view of UDRP panellists as to the need to prove registration as well as use in bad faith. Indeed, the discussion of the third element in the Complaint is simply headed: “The domain name is being used in bad faith”, i.e., omitting the requirement for registration in bad faith.

Second, the Complaint lacks candour in that it makes no mention of either (a) the Complainant’s email to Mr Schleifer of October 5, 2021, stating that someone had apparently adopted Mr Schleifer’s identity to try and sell the disputed domain name to the Complainant and had thereafter used the disputed domain name for phishing/fraud or, more importantly, (b) the October 6, 2021, response from Mr Schleifer’s attorney confirming that Mr Schleifer did own the disputed domain name (and denying his involvement in phishing/fraud). Even if, despite this email, the Complainant still somehow harboured doubts about the identity of the person who approached it to sell the disputed domain name, and notwithstanding that ultimately nothing turned on this issue given the lack of registration in bad faith, the Complainant ought not to have relied on the alleged use of a fake identity without at least mentioning the denial by the attorney for the very person whose identity was allegedly faked.

7. Decision

For the foregoing reasons, the Complaint is denied, and the Panel finds that the Complaint was brought in bad faith and constitutes an abuse of the administrative proceeding.

Adam Taylor
Sole Panelist
Date: December 9, 2021

1 The Panel would add that the Respondent has put forward what appears to the Panel to be a credible case to the effect that it was not the party responsible for the phishing and fraudulent activities associated with the disputed domain name.

Copyright © 2022 DomainGang.com · All Rights Reserved.

Leave a Reply

Your email address will not be published.

 characters available