Northern District of California has indicted two suspects — Elliot Gunton and Anthony Tyler Nashatka — for hacking EtherDelta. That’s an exchange trading Ethereum (ETH) ERC-20 tokens, in December 2017. According to EtherDelta: “This is a decentralized trading platform that lets you trade Ether and Ethereum-based tokens directly with other users. You are responsible for your own account, funds, and private keys. Therefore EtherDelta makes no guarantee about the tokens that you trade using EtherDelta”.
Aug. 13 2017, Ganton and Nashatka changed the settings of EtherDelta’s domain name system to mislead users and collect their crypto addresses, private keys and to withdraw funds.
The suspects managed to gain access to the settings using the phone number of one of the EtherDelta employees. It will be used to hack their email address. Following that, Gunton and Nashatka reportedly changed the parameters of the domain system. All the traffic will be redirected from EtherDelta to a fake website that resembled a real EtherDelta platform. As the result, visitors will leak their private keys to the fake website.
According to the prosecution, the losses of one of the EtherDelta users amounted to at least $800,000. However, the total amount of stolen funds was not disclosed in the court document.