A coordinated campaign targeting ultra-valuable country-code domains exploited weak transfer processes, forged identities, and a self-styled registrar to hijack digital assets—including government and single-character domains. Here’s how the scheme unfolded, why it matters for every infrastructure and security team, and what needs to change in the domain ecosystem now.