The Sex.com Heist: How a Forged Fax Sparked the Wildest Domain Theft in Internet History

By:

Andrew Richard

August 26, 2025

•

5 min read

When it comes to domain names, there’s valuable, there’s premium, and then there’s sex*com. In the mid-1990s, it wasn’t just a piece of digital real estate, it was an icon waiting to happen, the kind of name that could dominate traffic charts and command fortunes in ad revenue. And in 1995, it was stolen in a way so bold, so absurdly simple, that it remains one of the most infamous internet crimes ever committed. The theft didn’t involve hackers, malware, or even a sophisticated social engineering plot. It took a single forged fax and a registrar willing to process it without so much as a phone call.

Quick Facts: The Sex*com Saga

Original Owner: Gary Kremen, founder of Match.com, registered in May 1994.
Thief: Stephen M. Cohen, who used a forged fax to steal the domain in 1995.
Revenue During Theft: Estimated $50,000–$500,000 per month from adult advertising.
Legal Outcome: $65 million judgment for Kremen; domain legally recognized as property.
Cohen’s Fate: Fled to Mexico, arrested in 2005, much of the judgment unpaid.
Sale Price: Sold by Kremen to Escom LLC in 2006 for a reported $14 million.
Legacy: Landmark legal precedent for domain name property rights.

How Gary Kremen Became Owner of the Internet’s Most Infamous Domain

Gary Kremen, an entrepreneur with a knack for spotting online opportunities, had already made waves as the founder of Match.com. In 1994, when domain registration was a little-known process managed by Network Solutions and free of today’s cutthroat competition, he registered sex*com under his company, Online Classifieds Inc. Like many early domain acquisitions, it wasn’t an immediate business venture, more of a strategic placeholder for something that might come later. Kremen’s focus was elsewhere, building his dating platform and exploring other projects. Sex*com remained undeveloped, just another record in the registrar’s database. What he didn’t know was that this undeveloped asset would soon become the target of a career conman, and that its quiet existence was about to end.

Stephen Cohen: The Con Artist Who Stole a Domain with a Fax

Stephen Michael Cohen was no stranger to fraud. By the mid-90s, he had already amassed a history of legal trouble, from credit card scams to shady real estate deals. In 1995, he spotted an opportunity that was as lucrative as it was low-tech. Cohen drafted a letter on forged Online Classifieds letterhead, claiming Kremen had been “terminated” from the company and had abandoned the domain. He faxed the letter to Network Solutions, requesting that the ownership of sex*com be transferred to him. No one at the registrar picked up the phone to verify the claim, asked for legal documentation, or even contacted Kremen to confirm. They simply processed the transfer. In a single day, Cohen had taken control of one of the most valuable domains in existence, without spending a cent.

Stephen Cohen’s Business Card

Turning Sex*com into a Cash Machine

Once he had control, Cohen wasted no time in monetizing his stolen prize. He transformed sex*com into a sprawling adult entertainment portal, filled with ads, affiliate links, and traffic funnels. In the Wild West days of the internet, before strict advertising regulations and age verification protocols, such a domain was a license to print money. Reports from the time suggest that Cohen was earning anywhere from $50,000 to $500,000 per month in revenue, much of it through ad networks eager to cash in on the internet’s most obvious keyword. The site became a traffic juggernaut, drawing millions of visits, while Kremen, still unaware of exactly how the theft had been pulled off, watched from the sidelines as his property was turned into a digital empire he no longer controlled.

The Legal Battle That Changed Cyberlaw

By 1998, Kremen was ready to fight back. He filed suit against Cohen for fraud and conversion, and also went after Network Solutions for negligence in transferring the domain without proper authorization. The case wound its way through the courts for years, with Cohen employing every delaying tactic imaginable, moving money offshore, hiding assets, and even relocating to Mexico to avoid paying damages. In 2001, a U.S. District Court awarded Kremen $65 million in damages ($40 million in compensatory and $25 million in punitive) and ordered the return of the domain. Cohen ignored the ruling, but Kremen’s persistence eventually paid off. In 2003, the Ninth Circuit Court of Appeals issued a landmark decision: domain names are legally considered property, capable of being owned, stolen, and recovered under the law. It was a precedent that would ripple through internet law for decades, giving weight to the idea that digital assets were every bit as tangible as physical ones.

Cohen Flees, Justice Lumbers Forward

Even with a judgment against him, Cohen proved slippery. He moved to Tijuana, Mexico, avoiding U.S. jurisdiction while still allegedly profiting from the stolen domain. He was eventually arrested in 2005 and extradited back to the United States, but much of the $65 million judgment went unpaid. For Kremen, the legal fight had been long, exhausting, and costly, but by 2000, he had finally regained control of sex*com, reclaiming the digital property he had registered nearly a decade earlier.

The Payoff and the Sale Heard Around the Web

In January 2006, Kremen sold sexcom to Escom LLC for a reported $14 million, at the time one of the largest public domain sales in history. While the site continued under various ownerships, and never quite lived up to its commercial potential, the sale cemented sex*com’s reputation as a symbol of the domain gold rush. It also closed the chapter on one of the internet’s longest and strangest property disputes, though the story of how it was stolen remains the part most people remember.

Why the Sex*com Case Still Matters

The Sex*com saga isn’t just a salacious bit of dot-com trivia, it’s a turning point in the history of internet governance and digital property rights. Before Kremen v. Cohen, the legal standing of a domain name was murky, with registrars tending to view them as revocable licenses rather than actual property. This case changed that; it made clear that domains have measurable value, can be subject to theft, and deserve the same protections as more traditional forms of property. The precedent it set still gets cited in disputes today, and it stands as a warning to anyone who assumes registrars will automatically guard their assets.

Lessons for Today’s Domain Owners

The theft of sex*com happened in a pre-2FA, pre-privacy-lock era, but the underlying lesson hasn’t changed: valuable domains need proactive protection. Modern domain owners can safeguard themselves by enabling registrar transfer locks, using unique and complex login credentials, and turning on two-factor authentication wherever possible. It’s equally important to keep WHOIS contact information current and to register through reputable companies with strong security practices. For premium domains, some owners even keep them in corporate holding structures to add another legal layer of defense.

A domain isn’t just an address you happen to hold, it is an asset you are responsible for protecting. The sex*com saga proves that ownership without vigilance is fragile, and that every domain carries the weight of an investment. Treat it like property that can appreciate, be defended, and create lasting value, because in the digital economy, that is exactly what it is.

‍