EtherDelta Hackers Charged By U.S. Authorities; Scammers Set Up A Fake Domain To Steal Private Keys
Anthony Tyler Nashatka and Elliot Gunton have been charged by the Northern District of California attorney’s office. They have been found guilty of hacking EtherDelta back in December 2017. EtherDelta is a cryptocurrency exchange platform based on the Ethereum blockchain. It is a non-custodial marketplace used by traders to trade Ethereum tokens.
According to the judgment, the two suspects made changes to EtherDelta’s domain name system (DNS) in order to defraud the users of the exchange. The motive was to obtain their private keys and cryptocurrency addresses, and ultimately to withdraw the money held in those addresses.
Counterfeit Website to Defraud Users
The hackers were very clinical in their dealings. They managed to hack the EtherDelta site and later replaced it with a convincing fake that was used to steal from its users. The suspects gained entry to the system via a phone number belonging to one of the EtherDelta employees.
That is what they used to hack the site, and they then redirected traffic from EtherDelta to their counterfeit website, which resembled the original. Users of the website would then unwittingly hand over their private keys to the hackers, who would steal their investments and crypto.
The total amount lost due to the fraudulent activity was not mentioned in court, but it was revealed that one EtherDelta user lost close to $800,000.
How it Went Down
All this started when the hackers allegedly bought the e-mail address and phone number of an EtherDelta employee identified as Z.C. They then went to the phone company's help desk and convinced an employee there to enable call forwarding without Z.C.'s consent. Since all messages and calls to Z.C. were now forwarded to the hackers, they were able to bypass the two-factor authentication on his accounts.
They also accessed Z.C.'s e-mail settings and redirected his e-mails to an address of their own. This meant that Z.C. would not get any confirmation or warning e-mails. After about one week of all this strategic planning, on December 20, they gained access to EtherDelta's Cloudflare account and reset the password.
As a result, Z.C. could not access it, and that is when they replaced the real website with their fake one and started draining user wallets. It appears reasonable to assume Z.C. is Zachary Coburn, the operator and founder of EtherDelta.