Microsoft calls blockchain domains ‘the next big threat’

“The next big threat” is how Microsoft’s latest annual security report characterizes domain names written into a distributed ledger maintained across a constellation of computers instead of stored in a traditional, centralized registry.

Storing domain names on a blockchain can make them difficult to shut down or even trace to their owners. It also leaves them inaccessible without special software or settings.

“In recent years, we have observed blockchain domains integrated into cybercriminal infrastructure and operations,” the report says, nodding to Microsoft’s experience last spring disrupting a botnet called Necurs.

That botnet used a domain-generating algorithm to create new hosts in bulk—including under the .bit blockchain top-level domain, leaving them unable to be policed like a .com or other standards-compliant domain.

The potential for abuse led a group called OpenNIC, which promotes alternatives to the traditional domain-name system, to vote in 2019 to block the .bit domain lest the organization be “directly responsible for the creation of a whole new class of malware.”

Adds Microsoft’s report: “This trend of threats leveraging blockchain domains as infrastructure with the means to create an undisputable criminal network should be taken seriously.”

Can’t stop ’em

Among proponents of a decentralized internet, meanwhile, you’ll see a common response to the critique that blockchain domains can’t be taken down: Yes, that’s correct.

As the sales pitch on the homepage of one blockchain-domain registrar, Unstoppable Domains, reads: “Unlike traditional domains, Unstoppable Domains are fully owned and controlled by the user with zero renewal fees ever (you buy it once, you own it for life!).”

It quotes one-time registration fees ranging from $20 to $100 under such blockchain top-level domains as .crypto, .wallet, .coin, .888 and .x, although costs can escalate dramatically for shorter, more memorable domains. For example, potomacriver.x would cost $100 versus $7,500 for potomac.x.

Over email, Unstoppable Domains CEO Matthew Gould rejected the idea that his San Francisco-based company is an irresponsible actor. He noted the company’s…