Domain Theft

Domain theft is the end result of a successful domain hijacking attack: the name has been moved, via an unauthorized transfer, to a registrar or account controlled by the attacker, severing the rightful owner's access entirely. The attack typically begins with account compromise — through phishing, leaked credentials, or social engineering of registrar support — followed by disabling protections and submitting a transfer using the auth-code obtained from inside the account. Recovery is difficult and slow: ICANN dispute procedures can take months, and in the interim the stolen domain may resolve to malicious content or be transferred again. The best defenses are layered prevention: keep the transfer lock enabled, use strong unique credentials with hardware MFA, and register high-value names under registry-lock programs. On Namefi, the on-chain token provides an independent, cryptographically verifiable ownership record that can support recovery claims and establishes a clear prior-ownership trail even if the registrar account is compromised. Source: ICANN Name Holder FAQs.