Security Experts:

U.S. Government Asks Victims of 2017 EtherDelta Hack to Come Forward

The U.S. government is hoping to obtain additional information on the 2017 hacker attack targeting the EtherDelta cryptocurrency trading platform and it has asked victims of the incident to come forward.

EtherDelta was a decentralized trading platform for Ether and Ethereum-based tokens. It was shut down after its founder was charged by the U.S. Securities and Exchange Commission (SEC) in November 2018 for operating an unregistered exchange. It reportedly also had legal problems in China.

According to U.S. authorities, Anthony Tyler Nashatka of Michigan (aka psycho) and Elliott Gunton from the United Kingdom (aka planet and Glubz) in December 2017 managed to steal at least $1.4 million worth of cryptocurrency as a result of a cyberattack targeting EtherDelta.

The Justice Department said Nashatka and Gunton abused a legitimate account to gain access to EtherDelta DNS settings and changed them so that legitimate users would be redirected to a phishing website they controlled. On this website, victims were instructed to provide cryptocurrency addresses and private keys.

Over the course of two days in December 2017, Nashatka and Gunton allegedly stole the credentials of hundreds of users and abused them to steal roughly $600,000. They then stole another $800,000 from a single individual a few days later.

Nashatka and Gunton were charged by U.S. authorities in 2019 with conspiracy to commit computer fraud and abuse; transmission of a program, information, code, and command to cause damage to a protected computer; unauthorized access to a protected computer to obtain value; conspiracy to commit wire fraud; and aggravated identity theft.

Gunton was sentenced to prison in 2019 in the U.K. for hacking British telecoms firm TalkTalk. He received a 20-month sentence, but he was released immediately due to the time already spent in custody. However, he is still charged in the United States for his alleged role in the EtherDelta hack.

The Office of the U.S. Attorney and the Secret Service last week said they were looking for more information on the EtherDelta hack and asked victims to come forward by filling out a questionnaire. Victims are instructed to provide information such as their cryptocurrency address, the date and time of the claimed theft, the amount stolen, whether they notified police, and whether they would be willing to testify in court.

Related: Hackers Steal Millions from Cryptocurrency Exchange Bitrue

Related: Hackers Trick GoDaddy Employees in Operation Targeting Cryptocurrency Services

Related: North Korean Hackers Continue to Target Cryptocurrency Exchanges

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.