One step forward or three steps back? The case of NFT/crypto domains

You most likely heard about NFT domain names, also known as crypto domains. We all know about domain names, crypto, and even NFT (well, to the best extent that anyone can know about NFT). But how do they all connect? And why should you be worried about them?
An NFT-crypto domain is a decentralized domain name that can be both linked to a crypto wallet address and/or operating website domain. These domains can be used as a universal username across apps, websites, Website URLs, and payment addresses for wallets. Among the leading domain providers, Unstoppable Domains has released 8 level NFT domain names: .bitcoin, .coin, .nft, .blockchain, .888, .wallet, .x, and .dao.
Unlike URL domains, NFT domains are not associated with the Internet Corporation for Assigned Names and Numbers (ICANN), or any traditional internet. This implies several outcomes:

NFT domains are not resolved on ICANN’s domain name system, and therefore do not belong to the worldwide web.

An NFT domain page visitor will have to install an extension to his browser to access the page.

A customer will only have to do a one-time purchase for the NFT domain. No annual registration fees required.

They are anonymous and immutable: if an NFT domain is bought, the owner is untraceable.

In addition to these elements, the most important consequence to remember is that businesses are limited in their takedown actions. Monitoring is a huge challenge and enforcing is impossible. Legally, A buyer has no central authority to turn to, and the domains’ owners do not answer to any Right Protection Mechanisms. This new market is not regulated and most scams will stay unpunished.


With novelty comes uncertainty, and NFT domains are full of grey areas that the law does not cover. These domains are weak spot, an uncovered threat that is very challenging to both monitor and enforce. Cases of typosquatting, infringement, phishing and high-level impersonations have all been identified among NFT-crypto domains. All these cases can be separated into two main types of scams:

Cyber Security Scams

When an NFT domain is used as a website and an e-wallet to promote cryptocurrency scams on a financial company, it is called an e-wallet scam. First, an NFT domain is registered with a name that includes a genuine bank name: RealBankNamePayment.crypto. The domain is presented as a legitimate additional payment channel. Customers leave their personal details and pay money to this untraceable source.

Intellectual Property Scams

In the case of NFT domain typosquatting, a scammer impersonates a genuine company to promote fake sales fraud or NFT scams. First, they register an NFT domain that includes a genuine brand name: such as BrandMarket.crypto. They promote it as a website that sells genuine brand products. Customers would then leave their personal information and pay this untraceable shop to an untraceable e-wallet.

In our example, the bank that owns the original domain name will suffer from long-term consequences and lose customers, money, and reputation.

The Solution

The challenges mentioned above are not new to BrandShield. We have been researching this matter and discussed it with industry leaders and NFT domain registrars however, these unique circumstances make it almost an impossible mission to enforce on NFT domains, especially if you lack the knowledge and means.

NFT domain registrations

Protect your brand and traditional domains by registering the important misleading NFT domains (including typos). If you control them, then they will not become fraudulent. This solution only helps to an extent, big brands will have to register hundreds of domains and even more.

API registration monitoring

Technology-based solutions can utilize NFT domain registrar APIs. Some leading platforms share some of their data via API. Technological solutions can use this API to monitor NFT domain registrations to some extent.

Purchase typosquatting NFT domains

NFT domain ownership is unlimited and similar to any other asset or commodity (unlike traditional domains that are temporarily registered). Like other commodities, they can be sold and change ownership. A brand owner can redeem the infringing NFT domain through negotiating services if it was bought by a scammer or a potential investor.

Block and remediate phishing and fraud on NFT domains

Just like with any phishing or high-level threat that can damage the public, you can block and report NFT domains performing phishing attacks. Let your customers and employees know that this site is dangerous.

Good relations with NFT domain registrars

Good relations with NFT domai n registrars and some help from them can go a long way sometimes. These registrars are keen on being recognized by genuine brands, bringing business and prestige to NFT domain registrars and the entire young industry.

“Crypto and NFT markets have become increasingly vulnerable to attacks from scammers looking to capitalize on investor and trader interest. With their ability to protect against these attacks, BrandShield is a critical weapon in the fight to remove phishing attacks and threats from brand impersonators and bad actors.”

Sebastien Borget

Chief Executive Officer