Opeyemi Awoyemi is a technology entrepreneur. Asides founding Jobberman, the job site; he founded Whogohost, a leading Nigerian domain registrar with 60% .ng market share and also manages a domain registry. He tweets via @opeawo
This week, Nigerians woke up to the news that gtbank.com was down.
As an expert in the domain space for over 18 years, I deem it important to put some facts out there to inform the public on the issue. I founded a leading domain registrar, Go54, formerly known as Whogohost that serves over 150,000 businesses and organizations in Nigeria with domain and hosting services including GTBank and now also manages a domain registry (.cv).
GTBank’s downtime has been chalked up to a failure to renew their domain name. Public WhoIs records dating as far back as 2021 refutes that. GTBank has been with the same registrar (Register.com) over the years and its nameservers remain the same in the records below from 2020 and 2024 (see updated date). Nothing has changed in the domain configurations.
The records further reveal that the GTBank.com domain was registered with Wild West Domains LLC as far back as 2011, then moved to Register.com in 2017. In the same year, they added a privacy service to shield the ownership of the domain. This is a common practice to protect personal privacy (I highly recommend this if your registrar offers it) and does not imply any wrongdoing or intent to cover up. This is why the domain contact shows up as PERFECT PRIVACY, LLC.
The real issue lies with the service itself.
In my research, I was also able to pull all their historical A, MX and TXT records to see if anything had changed. The only change is the above, where a new A record has been added on 16th of August to point to servers at Confluence Networks. Domains typically use multiple A records to manage load balancing or redundancy.
This suggests that there is an issue on the website they are trying to fix and this could be a data center issue, human error or something much more sinister like a DDOS attack (denial of service) or ransomware attack.
Several financial institutions have been hit in the past with the latter, and if history is anything to go by, the bank is probably doing what every bank is likely to do: keep the real issues to themselves.
My experience in the domain space and the recent CrowdStrike issue have made me realise that sometimes technology and human error fail us and we need more or another technology to fix or prevent things. Though super useful and nearly indispensable, the internet is also becoming an increasingly dangerous place and we all need to be careful.
Is the GTBank issue a case of incompetence? Unlikely. Incompetence is easy to fix: change records and deploy. It’s #GTBankFail today and it might be another financial institution’s tomorrow. This is one truth about how technology can fail firms.
There’s a lot of things you, the average Dauda or Yemisi can’t control. But these you can do. Do not put your eggs in one basket. Your eggs are whatever account balance you have, be it ₦10,000 or ₦100 million. Have multiple bank accounts. Use two-factor authentication. Use different passwords for your email and banking apps (even if you need to come up with a formula that only you know). Where possible, use passwordless logins.
Stay safe and informed.
