How Namecheap and Withheld for Privacy Enable Scam Crypto Projects

By TheHolyCoins Team, 10 days ago
OpinionNamecheapWithheld for PrivacyPrivacyScam PreventionLegit or Scam
Cover Image for How Namecheap and Withheld for Privacy Enable Scam Crypto Projects

If there's one thing that caught our attention in recent years while researching new crypto projects, it was the domain name registrar Namecheap. More specifically, it was the number of suspicious or potentially fraudulent crypto projects conducting presales who registered their domain names with Namecheap. When we dug further into this matter, we discovered that our initial impression was backed by a recent report from Whois API which identified Namecheap as the second-leading registrar associated with malicious domains.

We have also noticed a growing number of people raising questions in forums and on social networks about the connection between questionable early-stage crypto projects, Namecheap, and another associated company called Withheld for Privacy ehf. In this article, we’ll explain that connection and why scam crypto projects and many new crypto presales often favor Namecheap.

How Domain Registrars and WHOIS Records Work Today

When someone registers an internet domain, the domain name information, including the registrant name, address, and other WHOIS contact info, is stored by the chosen domain registrar. Each registrar maintains its own WHOIS service, and anyone can query the registrar’s WHOIS service to reveal the data behind a given domain.

Diagram illustrating the hierarchy of the domain ecosystem: a domain registry at the top, domain registrars in the middle, and individual registrants at the bottom
source: https://www.cyberpunk.rs/domain-name-hierarchy-registry-vs-registrar

If no privacy options are selected during registration, the registrant's information becomes public in the registrar's WHOIS database. This allows anyone to look up domain ownership details using WHOIS service queries and revoke his right to privacy, send spam emails, or even conduct a malicious attack.

How Domain Privacy Protection is Implemented

Many registrants now opt for domain privacy protection services. The most basic privacy service registrars offer is known as 'redact for privacy'. With this service, the registrar redacts most of the registrant information from the WHOIS database records that it keeps. When a query is run on a domain name that has been redacted for privacy, only the state/region and the registrant's country will be returned, while hiding the rest of the fields results in 'Redacted for Privacy', or a similar message.

Beyond simple redaction, some registrars offer a proxy service, where the registrar or an affiliated third-party company appears as the official registrant of the domain in the WHOIS records. Instead of seeing fields labeled "Redacted for Privacy", a query on the WHOIS database will return the proxy entity’s details—often a generic, non-identifying name, address, and contact email controlled by the service provider. The main benefit to the original registrant is that all their details remain hidden from the public, including the state and country, protecting them from unwanted solicitations, spam, or harassment;

The Namecheap Shift to Withheld for Privacy ehf

In 2021, Namecheap switched its domain privacy protection service from WhoisGuard to Withheld for Privacy ehf. According to a Namecheap customer support representative, and as mentioned in a recent The New York Times article, Withheld for Privacy ehf is owned by Namecheap. Withheld for Privacy ehf manages all registrant information by replacing it entirely with its own details in the domain registry's WHOIS records. This means that no identifying information of the real site owner is visible, making it nearly impossible for third parties to trace ownership or verify legitimacy.

A screenshot of Namecheap’s official blog post announcing the transition from WhoisGuard to Withheld for Privacy for domain privacy protection
Namecheap announcement of the transition to Withheld for Privacy. Source: https://www.namecheap.com/blog/domain-privacy-is-changing-at-namecheap

While this setup might serve privacy-conscious users, it creates a significant barrier to transparency. Projects using Withheld for Privacy ehf can effectively shield themselves from accountability, allowing scammers and fraudulent operators to exploit the system without fear of detection.

How Scammers Exploit Namecheap Domain Privacy and Withheld for Privacy ehf

Withheld for Privacy ehf is an Icelandic company registered at Kalkofnsvegur 2 in Reykjavik. Iceland was chosen for the registration of this data protection proxy company due to its strong privacy laws and regulatory environment, making it easier to obscure registrant information.

This means that if someone attempts to reveal the domain owner’s information, even in cases involving suspected criminal activity, accomplishing this is significantly more difficult than in other jurisdictions.

While this added layer of privacy benefits legitimate registrants, it can also support malicious activities by criminals looking to scam and defraud innocent crypto investors.

Who Benefits from Namecheap's Domain Privacy?

Crypto presale projects like Pepe Unchained, Freedum Fighters, and Flockerz, which have raised suspicions in the crypto community before, have taken advantage of Namecheap’s privacy protection. By replacing all registrant details with Withheld for Privacy ehf’s information, and having their information in a jurisdiction known for extreme privacy rules, these project devs effectively avoid being revealed, making it nearly impossible for investors and researchers to verify their legitimacy.

This lack of transparency puts investors at significant risk, as they may unknowingly trust projects with hidden or dubious origins. It also damages the broader crypto community by enabling fraudulent projects to operate unchecked.

Conclusion: What Does All This Mean?

Namecheap is not the only registrar offering privacy services by proxy—other companies, like GoDaddy, provide similar options. These services serve a legitimate purpose for businesses and individuals who want to protect their personal information. However, they also provide cover for scammers and fraudulent projects.

The lack of transparency enabled by these privacy features makes it harder to hold bad actors accountable. This does not mean every project using Namecheap or Withheld for Privacy ehf is a scam, but the inability to trace ownership raises serious concerns.

For investors and researchers, the key takeaway is to exercise extreme caution. Always investigate a project’s team, community, and technical details beyond the domain registration. Privacy services may protect legitimate users but also make it easier for malicious actors to exploit unsuspecting investors.

Disclaimer: This article is not financial advice. Investing in cryptocurrencies involves significant risk, and you should conduct your own research or consult a financial advisor before making any investment decisions.

Share with Your Friends

Related Articles

Best Wallet Crypto Review: Is the $BEST Token Legit or a Scam?
Project Reviews

Best Wallet Crypto Review: Is the $BEST Token Legit or a Scam?

2 days ago
Dex Screener Boost Report: Are Boosted Tokens a Trap for Crypto Traders?
Cryptocurrency News

Dex Screener Boost Report: Are Boosted Tokens a Trap for Crypto Traders?

4 days ago
Dexboss Crypto Presale Review: Is the $DEBO Token Legit or a Scam?
Project Reviews

Dexboss Crypto Presale Review: Is the $DEBO Token Legit or a Scam?

11 days ago
Rexas Finance Crypto Presale: Is the $RXS Token Legit or a Scam?
Project Reviews

Rexas Finance Crypto Presale: Is the $RXS Token Legit or a Scam?

25 days ago