US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the
In December 2017, the popular
The other suspect is Anthony Tyler Nashatka, aka “psycho,” from New York city. The duo hacked the EtherDelta systems using employee data (phone number, email address) purchased on the black market.
“The two, over the course of just a week, went from buying an EtherDelta’s employee phone number off the black market to stealing funds from thousands of EtherDelta users.” reported ZDNet.
Court documents obtained by ZDNet in exclusive refer the employee was Z.C., experts believe he is the EtherDelta’s CEO. Clearly the access to the CEO account allowed the hacker to breach the company
The employee’s data wer
Six days later, on December 19, 2017. Gunton tricked a mobile
In this way, any incoming calls were silently forwarded to a Google Voice number operated by the two
On December 20, the two hackers modified DNS settings in the G Suite portal of EtherDelta and redirected Gmail traffic through a server under their control allowing them to reset the password on EtherDelta’s Cloudflare account. Once gained the access the Cloudflare account they were able to lock out any other employee of the company.
At this point, the duo changed EtherDelta’s DNS records associating the EtherDelta domain to a server under their control that was hosting a copy of the legitimate site used to trick victims into providing their credentials.
The DNS redirection was discovered in a few hours, but it was enough for the hackers to steal more than $800,000 from the accounts of the EtherDelta users.
According to ZDNet, the indictment was filed on August 13, in San Francisco, a few days before Gunton was sentenced to 20 months in prison in the UK. He was also ordered to pay back £407,359 and given a three-and-a-half-year community order, which restricts his internet and software use.