pull down to refresh

@daily_btc_lore | Daily Bitcoin History Threads

July 16, 2013 | 13 years ago today

Namecheap's Zero-Confirmation Bitcoin BetNamecheap's Zero-Confirmation Bitcoin Bet


On July 16, 2013, Namecheap became the first major domain registrar to accept Bitcoin. That alone would have earned it a line in the merchant-adoption ledger of that year. But the detail that made engineers sit up was buried in the implementation: Namecheap delivered your domain the instant your payment hit the network, before a single miner had confirmed the transaction. CoinDesk reported the launch the same day, noting the zero-confirmation policy right in the headline:

https://www.coindesk.com/markets/2013/07/16/domain-registrar-namecheap-now-accepts-bitcoin-with-zero-confirmations

The company framed the move as a response to months of customer requests, saying it was "pleased to announce we've listened to your feedback." That feedback loop was no accident. Namecheap's customer base had been seeded with exactly the kind of people who would ask for Bitcoin, and the story of how that happened is worth telling on its own.

What Zero Confirmations Actually MeansWhat Zero Confirmations Actually Means

A Bitcoin transaction goes through two distinct phases that newcomers often conflate. First, the sender broadcasts a signed transaction to the peer-to-peer network. Within seconds, most nodes on the network have seen it and placed it in their mempool, the waiting room of unconfirmed transactions. Second, a miner includes the transaction in a block, at which point it has one confirmation. Each subsequent block buries it deeper, and each layer of burial makes reversing it exponentially more expensive.

The gap between those two phases is where the risk lives. An unconfirmed transaction is a promise, not a settlement. Nothing in the protocol prevents the sender from signing a second, conflicting transaction that spends the same coins to a different address, perhaps with a higher fee to make it more attractive to miners. If the conflicting transaction confirms first, the original one becomes invalid and simply evaporates. The merchant who shipped goods against it gets nothing. This is the double-spend attack, and it is the precise problem Bitcoin's proof-of-work consensus was invented to solve, but the solution only kicks in once confirmations start accumulating.

That is why the standard merchant playbook in 2013 was to wait. One confirmation took roughly ten minutes on a good day. Cautious merchants waited for six, the number Satoshi's whitepaper analysis suggested made reversal impractical, which meant an hour or more between payment and delivery. For an online checkout flow, an hour is an eternity. Namecheap looked at that trade-off and chose the other side: activate the purchase at broadcast, and accept the double-spend exposure as a cost of doing business.

Why Domains Made the Math WorkWhy Domains Made the Math Work

The calculated part of the bet was that domains are not coffee. If someone double-spends a cafe, the espresso is gone and the barista eats the loss. A domain name is different in two ways that matter.

First, it is revocable. A registrar sits at the top of the administrative chain for the names it sells. If a payment turns out to be fraudulent, Namecheap could claw the domain back, suspend it, or refuse to renew it. The attacker's prize could be confiscated after the fact, which changes the expected value of the attack from "free domain" to "temporarily borrowed domain plus a burned account."

Second, the payoff is small and traceable to an account. Domains cost around ten dollars. Pulling off a double-spend against a merchant reliably requires effort: crafting conflicting transactions, timing propagation, possibly coordinating with hash power. Doing all that to briefly hold a ten-dollar domain registered to an account the registrar controls is economically absurd. Zero-confirmation acceptance was not recklessness. It was a merchant correctly pricing its own risk profile instead of copying everyone else's, and it made the Bitcoin checkout experience feel instant in an era when the currency was routinely criticized as too slow for commerce.

The Debt to Move Your Domain DayThe Debt to Move Your Domain Day

Namecheap did not stumble into a Bitcoin-friendly customer base. It had recruited one eighteen months earlier.

In late 2011, the Stop Online Piracy Act was moving through the US Congress, and the internet's technical community regarded it as an existential threat to the open web, with provisions for DNS blocking that struck at the infrastructure layer itself. GoDaddy, then the dominant registrar, appeared on a list of SOPA supporters. The backlash was immediate and organized: a Reddit-driven boycott crystallized into "Move Your Domain Day" on December 29, 2011, and Namecheap positioned itself as the destination, offering discounted transfers and donating a portion of proceeds to the Electronic Frontier Foundation. Thousands of domains moved, and the EFF donation ultimately exceeded $100,000.

The people who transfer their domains over an internet-freedom protest are, to a first approximation, the same people who were reading about Bitcoin in 2011 and 2012. Privacy advocates, developers, digital-rights activists, cypherpunks. When Namecheap said it had been fielding months of requests for Bitcoin payments, that was the sound of the exact customer base it had courted asking the exact question that base would ask. The July 2013 announcement was less a pivot than a payoff.

Paying for Infrastructure Without a NamePaying for Infrastructure Without a Name

There was also a deeper resonance between the product and the payment method. In 2013, registering a domain meant handing over a credit card, which meant tying a piece of internet infrastructure to your legal identity through the banking system. For most people that was a non-issue. For a dissident publishing under a repressive government, a security researcher who preferred separation between projects and person, or a developer who simply valued privacy, it was a real constraint.

Bitcoin severed that link. A domain paid for with bitcoin could be provisioned without a bank ever learning who bought it. This was not a novel dream; the cypherpunk mailing lists of the 1990s had sketched exactly this pairing of anonymous digital cash with pseudonymous online presence, decades before either half existed in practical form. Namecheap accepting Bitcoin was one of the first times a mainstream company made that particular cypherpunk sketch into a product anyone could use at checkout. It is also worth remembering that the community had already built its own answer in Namecoin, the 2011 Bitcoin fork that put domain records directly on a blockchain. Namecheap's move was the pragmatic version of the same instinct: keep the ordinary DNS, fix the payment layer.

One More Name Says YesOne More Name Says Yes

The announcement landed in the middle of a distinct phase of Bitcoin history: the merchant wave of 2013. The price sat near $90 that July, well off the $266 peak from April's rally and crash, and the ecosystem was busy proving that Bitcoin was more than a trading chart. WordPress had broken the seal in November 2012, becoming the first household internet name to accept bitcoin. Reddit followed in February 2013, OKCupid in April. Each announcement was individually modest, but collectively they were doing something important: every recognizable brand that said yes lowered the perceived risk for the next one, and gave the next internal champion at the next company a precedent to point to.

Namecheap's entry added something the earlier adopters had not: a piece of core internet infrastructure, and an implementation confident enough to hand over the product before the network had even settled the payment. Thirteen years on, zero-confirmation acceptance has largely vanished from Bitcoin commerce, made obsolete by fee markets, replace-by-fee, and eventually Lightning. But in July 2013 it was a small, sharp demonstration that a merchant who actually understood the protocol could make Bitcoin payments feel instant, and could do the risk arithmetic themselves rather than waiting for permission.


Part of an ongoing series on Bitcoin history. Follow @daily_btc_lore on X for daily threads.