22 Mar 2026

Chichester Baptist Church Website Hijacked: Cybersquatters Run Secret Online Casino for Three Years

Screenshot of the cloned Chichester Baptist Church website featuring virtual roulette tables and slot machines instead of church content

The Unexpected Discovery Shakes a Quiet Community

Parishioners of Chichester Baptist Church in the UK clicked on their familiar domain, chichesterbaptist.org.uk, expecting sermons, event schedules, and spiritual guidance; instead, virtual roulette tables spun alongside digital slot machines, turning a site of faith into a covert gambling hub that operated undetected for three full years. Details surfaced in a court ruling this March 2026, revealing how cybersquatters cloned the entire website, mimicking its layout while overlaying casino games that drew unwitting visitors into bets on red or black, odd or even, and jackpot spins.

Church members first noticed the switch around early 2023, but the hijackers had already embedded the gambling features seamlessly; by the time alerts spread through the congregation, players from across Europe had wagered real money on what appeared as a legitimate church portal. Observers note this case highlights vulnerabilities in domain management, especially for non-profits with limited tech resources, where a simple renewal lapse opened the door to exploitation.

How Cybersquatters Pulled Off the Clone Operation

Cybersquatters registered a near-identical domain or exploited lapsed ownership of chichesterbaptist.org.uk, then mirrored the church's original design—complete with hymn lyrics placeholders swapped for roulette wheel animations and slot reel graphics—while routing bets through offshore servers to evade easy detection. Players deposited funds via common e-wallets, spinning wheels that mimicked European roulette with single-zero pockets, or fed coins into themed slots promising multipliers up to 500x; all this unfolded without the church's knowledge until random clicks revealed the farce.

What's interesting is how the operation sustained itself for three years, processing transactions quietly while the legitimate church site languished offline; experts who've studied domain hijackings point to tactics like automated renewals under false identities, a practice the World Intellectual Property Organization (WIPO) tracks in its global arbitration reports on cyberquatting disputes. That said, the gambling den featured no UKGC branding or local compliance, instead leaning on lax jurisdictions to host live dealer streams and progressive jackpots tied to roulette side bets.

And here's where it gets bizarre: the site even included fake testimonials styled as "congregation praise," repurposed to rave about "life-changing spins" rather than divine interventions, fooling casual visitors who stumbled in via old bookmarks or search results.

Church Launches Legal Fight Against Shadowy Operators

Court documents and screenshots showing the altered church website with gambling elements and retaliatory images posted by hackers

The Chichester Baptist Church team, led by pastors and volunteers, initiated a legal battle in 2023 to reclaim their domain, filing complaints with domain registrars and escalating to UK courts; but the cybersquatters fought back viciously, retaliating by uploading compromising images of church leaders in underwear whenever reclamation attempts surfaced online. According to reports from The Telegraph, this March 2026 ruling exposed the hackers' playbook, including server logs tying activity to a Canadian IP address.

Legal filings detailed how the church submitted evidence of trademark infringement under the church's registered name, arguing the domain dilution harmed their outreach; yet the operators, possibly operating from North America, countered with delays and digital sabotage, posting the underwear photos—sourced from public social media hacks—as a deterrent. People who've followed similar cases, like those arbitrated by WIPO panels, often discover that such retaliation stalls proceedings, buying time for operators to siphon more deposits from roulette enthusiasts chasing en prison bets or straight-up number hits.

Court Ruling Points to Canadian Involvement in March 2026

This March 2026, a UK court ruling finally cracked the case open, suggesting a Canadian man as the key figure behind the domain grab and casino conversion; evidence included transaction trails from Canadian banks funneled into the site's roulette and slots, alongside WHOIS data mismatches that unraveled under scrutiny. The judge ordered domain transfer back to the church, but not before highlighting gaps in international cooperation on cyber-gambling squats.

Turns out, the operation netted an estimated £50,000 in bets over three years, with peak activity during weekends when churchgoers might accidentally log in; data from the ruling showed 70% of traffic originated from UK IPs mistaking the site for legitimate worship content. Observers note parallels to cases handled by Canada's Innovation, Science and Economic Development Canada, where domain fraud intersects with unlicensed gaming, although specifics remain under review.

But the retaliation added a layer of absurdity; those underwear images, plastered across the homepage during failed takeovers, drew media attention and ultimately aided the church's publicity push, turning a local scandal into national headlines by late 2025.

Broader Implications for Domain Security and Online Gambling

Chichester Baptist Church now hosts its site on a fortified platform with two-factor authentication and annual audits, a direct response to the hijack that exposed how easily faith-based groups become targets for profit-driven clones; similar incidents have popped up elsewhere, like a US synagogue site flipped into poker rooms, but this UK case stands out for its duration and audacity. Experts have observed that cybersquatting thrives where renewal notifications go unchecked, especially amid rising phishing attempts mimicking registrars like Nominet for .uk domains.

Now, with the ruling fresh this March 2026, churches and charities nationwide review their digital footprints, implementing tools like domain privacy shields while gambling watchdogs monitor for cloned sites peddling roulette variants without player protections. It's noteworthy that the fake casino skipped age verification and responsible gaming prompts, features mandated in regulated markets, allowing unrestricted access to high-stakes slots and wheel games.

Take one volunteer from the church who shared in press interviews how a simple Google search for "Chichester Baptist events" led her to a spinning roulette wheel; stories like that underscore the human cost, blending confusion with unintended exposure to addictive mechanics like near-miss slot effects or martingale roulette progressions.

Lessons from the Hijack: Protecting Domains in a Digital Age

Those who've studied cyber threats recommend proactive steps—locking domains via registrar controls, monitoring traffic anomalies with free tools like Google Alerts, and joining non-profit tech alliances for shared vigilance; in this instance, the church's persistence paid off, reclaiming chichesterbaptist.org.uk after 18 months of filings, though the lost years dented membership drives. And while the Canadian link hints at cross-border challenges, it also spotlights how rulings can deter future squats by publicizing operator identities.

So, as the dust settles post-March 2026, the story serves as a cautionary tale: domains aren't just addresses, they're gateways that, when compromised, twist innocent intent into illicit spins, reminding everyone from pastors to punters to double-check those URLs before clicking play.

Conclusion

The Chichester Baptist Church saga wraps with victory for the congregation, domain restored and hackers exposed, yet it lingers as a stark reminder of digital vulnerabilities in an era where gambling sites lurk behind trusted facades; moving forward, enhanced registrar protocols and awareness campaigns promise tighter defenses, ensuring church sites spin toward sermons, not slots.