One step forward or three steps back? The case of NFT/crypto domains

You have most likely heard about NFT domain names, also known as crypto domains. We all know about domain names, crypto, and even NFT (well, to the best extent that anyone can know about NFT), but how do they all connect? And should you be worried about them?
An NFT-crypto domain is a decentralized domain name that can be both linked to a crypto wallet address and/or operating website domain. These domains can be used as a universal username across apps, websites, Website URLs, and payment addresses for wallets.
Unlike regular TLDs (URL domains), NFT domains are not associated with the Internet Corporation for Assigned Names and Numbers (ICANN), or any traditional internet. This implies several outcomes:

NFT domains are not resolved on ICANN’s domain name system, and therefore do not belong to the worldwide web.

An NFT domain page visitor will have to install an extension to his browser to access the page.

A customer will only have to do a one-time purchase for the NFT domain. No annual registration fees required.

They are anonymous and immutable: if an NFT domain is bought, the owner is untraceable.

Another important attribute is that businesses are limited in their takedown actions. Monitoring is a huge challenge and enforcing is almost impossible. Legally, A buyer has no central authority to turn to, and the domains’ owners do not answer to any Right Protection Mechanisms. This new market is not regulated and most scams will stay unpunished. That’s why the fact that most people cannot access crypto domain-based websites unless they download a designated browser extension.


With novelty comes uncertainty, and NFT domains are full of grey areas that the law does not cover. These domains are a weak spot, an uncovered threat that is very challenging to both monitor and enforce. Cases of typosquatting, infringement, phishing, and high-level impersonations have all been identified among NFT-crypto domains. All these cases can be separated into two main types of scams:

Cyber Security Scams

When an NFT domain is used as a website and an e-wallet to promote cryptocurrency scams on a financial company, it is called an e-wallet scam. First, an NFT domain is registered with a name that includes a genuine bank name: RealBankNamePayment.crypto. The domain is presented as a legitimate additional payment channel. Customers leave their personal details and pay money to this untraceable source.

Intellectual Property Scams

In the case of NFT domain typosquatting, a scammer impersonates a genuine company to promote fake sales fraud or NFT scams. First, they register an NFT domain that includes a genuine brand name: such as BrandMarket.crypto. They promote it as a website that sells genuine brand products. Customers would then leave their personal information and pay this untraceable shop to an untraceable e-wallet.

In our example, the bank that owns the original domain name will suffer from long-term consequences and lose customers, money, and reputation.

The Solution

The challenges mentioned above are not new to BrandShield. We have been researching this matter and discussed it with industry leaders and NFT domain registrars. However, these unique circumstances make it almost an impossible mission to enforce on NFT domains, especially if you lack the knowledge and means. The good part is that it is not a simple task for people to access crypto domain sites.

NFT domain registrations

Protect your brand and traditional domains by registering the important misleading NFT domains (including typos) with a crypto domain provider. If you control them, then they will not become fraudulent. This solution only helps to an extent, big brands will have to register hundreds of domains and even more.

API registration monitoring

Technology-based solutions can utilize NFT domain registrar APIs. Some leading platforms share some of their data via API. Technological solutions can use this API to monitor NFT domain registrations to some extent.

Purchase typosquatting NFT domains

NFT domain ownership is unlimited and similar to any other asset or commodity (unlike traditional domains that are temporarily registered). Like other commodities, they can be sold and change ownership. A brand owner can redeem the infringing NFT domain through negotiating services if it was bought by a scammer or a potential investor.

Block and remediate phishing and fraud on NFT domains

Just like with any phishing or high-level threat that can damage the public, you can block and report NFT domains performing phishing attacks. Let your customers and employees know that this site is dangerous.

Good relations with NFT domain registrars

Good relations with NFT domai n registrars and some help from them can go a long way sometimes. These registrars are keen on being recognized by genuine brands, bringing business and prestige to NFT domain registrars and the entire young industry.

“Crypto and NFT markets have become increasingly vulnerable to attacks from scammers looking to capitalize on investor and trader interest. With their ability to protect against these attacks, BrandShield is a critical weapon in the fight to remove phishing attacks and threats from brand impersonators and bad actors.”

Sebastien Borget

Chief Executive Officer