Statement on “Security Incident”

Yesterday evening, I received a text message from a colleague asking me if I had seen the website. I had opened a transaction a few hours earlier, and I did no I then did a hard refresh, and I saw that the homepage had been seemingly taken down and there was a message in plain text across the top of the website. I reached out to and was told they were working to resolve the issue, and that it did not involve any unauthorized access to internal data.

I visited this morning, and it appears that the website is up and running. I followed up with a couple of emails this morning asking for more details about what happened and if any internal data or account information was compromised. Jackson Elsegood, General Manager of, just replied to me with a link to a statement about the issue from CEO Matt Barrie ( owns

Sydney, March 31st 2020

Dear Customers:

At 5:07pm PST today, hackers got access to our domain registry account for the domain through a breach of our domain registrar’s systems.

Our team immediately learned of the situation and within minutes were working with the registrar to regain access to the account. We regained control of DNS by approximately 7:00pm PST.

During the incident the hackers changed the DNS records for to point to to a third party web server that displayed the following message:

Escrow Security Incident

We wish to make clear that:

  • No systems were compromised.
  • The registry account solely contained owned domains.
  • No accounts holding customer domains were compromised.
  • No customer data was accessed.
  • No customer funds were accessed or at risk.

During the incident, our security team managed to talk to the hacker on the phone. For over an hour the hacker attempted to convince what he thought were domain registry operations to regain access to the account.

During this phone call, our security team learned that the route of entry was that the hacker had unlawfully accessed our registrar’s internal support systems and was using them to make changes on’s account.

Over the coming days, we will be discussing the experience publicly to educate the wider community on these hacking and social engineering techniques.

We wish to thank the domain registrar for their speed and coordination with us in resolving this matter.


Matt Barrie
Chief Executive



Update: GoDaddy has issued a statement in response to this.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. I got an email from Marriott International that

    Dear Valued Guest,
    We are writing to let you know that some of your information may have been accessed without authorization.

    oh well….

    That what happens when lots of people are working remotely…

  2. This is exactly why you should care whether or not your escrow agent is also a registrar. It is classic counter-party risk. If domains goes missing, whose fault would it have been? You should also care a lot whether the escrow agent will certify a transaction protecting buyer or seller against future clawbacks.

      • That *fallacious* conversation about being “licensed” was already completed 1,000 miles ago, in case anyone recalls. And I even pointed out personally that probably no one who comments in these blogs has as much real world professional experience addressing the “licensing” requirements of other businesses as I do – if even one person has any such experience at all. It’s nonsense. I will never use again either to buy or sell if I can help it even if their stack of “licenses” could reach the sky, don’t want to, and would *much* rather use Epik than a 1,000 times over.

        • “I will never use again . . . ”

          Serious question John: Why? Their ID-verification requirements? Something else?

        • After the ownership change and loss of the golden era of Brandon Abbey, I encountered a strange and unprecedented problem relating to one of the most basic things any online account entails. Till then I had been doing something normal people need to do a million times over. It’s the kind of thing that should not even have been happening, and is a no-brainer the size of an elephant. Instead of fixing the problem, the experience with support was a kafkaesque nightmare. The whole thing went on for a long time, was very insulting, and to my knowledge was never even fixed. Maybe it was eventually fixed, since it’s the kind of thing that would cause problems for people, but after all that I never even bothered to check anymore.

          Anyone ever dealt with “RegisterFly” in bygone years? It was even worse than the worst experience there, because they didn’t even pretend to be doing the right thing.

          That alone was enough to make me not want to use them anymore, but then the new verification requirements that emerged are a deal breaker all by themselves.

  3. That why I nominated Rob at Epik the best registrar.

    We might agree or/and disagree with him but that not the point.
    The point is he is the face behind his company and he is always contributing to the domain community. We know where he lives, what he eats and what he likes….so tell me do other CEOs or other owners of the other registrars you know do that?
    Rob at Epik is the only one that is here for us…. and he gives excellent customer service!


Please enter your comment!
Please enter your name here

Recent Posts

Fred Hsu Offers Tips on Domain Name Security

According to Coin Telegraph, there has reportedly been a security incident involving domain names at Squarespace. "Multiple decentralized finance (DeFi) apps were targeted in...

Registrar Where My Last 10 Afternic Sales Landed

After I sell a domain name, I don't pay much attention to it. Occasionally, I will look to see how it is being used,...

DomainLeads Integrated into Email

One of the paid tools I use daily is the email alerts. I created 3 alert emails with different parameters, and each morning,...

Sedo Reports Record Breaking .Game Sale

As of this morning, the largest domain name sale in the .Game extension recorded by Namebio was the $40,888 sale of A.Game. That domain...

When the Best Prospect Goes Under

It feels pretty good when a startup founder wants to buy your domain name. I know the domain name can probably incrementally help the...