2. There are simply too many TLDs to buy them all. Phishing sites will always be possible, regardless. Even if they buy all the TLDs, the attacker can simply create a phishing site on rooobet(.)com, roobeet(.)com, or something like that, or the attacker can even use Unicode instead of ASCII to mimic a real domain name.
Yes, there are so many. I am not saying the Roobet team should buy all of them. Just a few that could easily trick users, like the .io one.
For example, Roobet.io is listed as one of the sites to have purchased a non-distributable copy of the previous version of bustabit's source code. I believe they wanted to say roobet.com.
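
An added example, not part of the original posts: a defender-side triage that sorts observed domain names into the three lookalike kinds mentioned in this thread (another TLD, a small typo, Unicode look-alike characters). The confusables table, the edit-distance threshold of 2, and treating roobet.com as the only official domain are assumptions made for illustration; inputs are assumed to be registrable domains without subdomains.

```python
import unicodedata

BRAND = "roobet"            # brand label from the thread
OFFICIAL = {"roobet.com"}   # assumption: the only official domain
# Small constructed table of look-alike characters (Cyrillic/Greek -> ASCII).
CONFUSABLES = {"\u043e": "o", "\u0435": "e", "\u03bf": "o", "\u0440": "p"}

def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(label):
    """Return (decoded label, label with look-alike characters folded to ASCII)."""
    if label.startswith("xn--"):          # IDN label in punycode form
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass                          # malformed punycode: keep as seen
    label = unicodedata.normalize("NFKC", label).lower()
    return label, "".join(CONFUSABLES.get(ch, ch) for ch in label)

def classify(domain):
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return "official"
    decoded, folded = skeleton(domain.split(".")[0])
    if not decoded.isascii() and folded == BRAND:
        return "homoglyph"                # non-ASCII label that renders like the brand
    if decoded == BRAND:
        return "tld-variant"              # same label under a different TLD
    if 0 < levenshtein(folded, BRAND) <= 2:
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample input; the last entry uses Cyrillic "o" characters.
    observed = ["roobet.com", "roobet.io", "rooobet.com", "roobeet.com",
                "example.org", "r\u043e\u043ebet.com"]
    for name in observed:
        print(f"{name!r:24} {classify(name)}")
```

Anything classified other than "official" or "unrelated" is a candidate for manual review, blocklisting, or a takedown request.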