One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Pierluigi Paganini September 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017; one of them was also accused of the TalkTalk hack.

US authorities have indicted two men, Elliott Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017.

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked; the attackers conducted a DNS attack that allowed them to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens.

According to ZDNet, one of the suspects, the Briton Elliott Gunton (20), aka “Glubz,” was also accused of the TalkTalk hack.

The other suspect is Anthony Tyler Nashatka, aka “psycho,” from New York City. The duo hacked the EtherDelta systems using employee data (phone number, email address) purchased on the black market.

“The two, over the course of just a week, went from buying an EtherDelta’s employee phone number off the black market to stealing funds from thousands of EtherDelta users.” reported ZDNet.

Court documents obtained exclusively by ZDNet refer to the employee as Z.C.; experts believe he is EtherDelta’s CEO. Clearly, access to the CEO’s account allowed the hackers to breach the company.

The employee’s data were acquired by Nashatka, who asked Gunton to help him hijack both EtherDelta’s Cloudflare and Dreamhost accounts.

Six days later, on December 19, 2017, Gunton tricked a mobile telco’s operator into adding a call forwarding number to Coburn’s mobile account.

In this way, any incoming calls, including two-factor authentication (2FA) messages for the EtherDelta account, were silently forwarded to a Google Voice number operated by the two hackers.

On December 20, the two hackers modified DNS settings in the G Suite portal of EtherDelta and redirected Gmail traffic through a server under their control, allowing them to reset the password on EtherDelta’s Cloudflare account. Once they had gained access to the Cloudflare account, they were able to lock out any other employee of the company.

At this point, the duo changed EtherDelta’s DNS records, pointing the EtherDelta domain to a server under their control. That server hosted a copy of the legitimate site, which was used to trick victims into providing their credentials.

The DNS redirection was discovered within a few hours, but that was enough for the hackers to steal more than $800,000 from the accounts of EtherDelta users.

According to ZDNet, the indictment was filed on August 13, in San Francisco, a few days before Gunton was sentenced to 20 months in prison in the UK. He was also ordered to pay back £407,359 and given a three-and-a-half-year community order, which restricts his internet and software use.


Pierluigi Paganini

(SecurityAffairs – TalkTalk, hacking)
