Hackers That Allegedly Breached the EtherDelta Cryptocurrency Exchange Have Been Charged

EtherDelta Hackers Indicted

Data breaches often leak phone numbers, but people in general don't seem too bothered about this particular piece of personal information. They reckon that criminals don't have much use for phone numbers and that the unpleasant side effects are limited to unsolicited text messages and cold calls. As Zachary Coburn, CEO of the cryptocurrency exchange EtherDelta, can attest, this is not true at all.

In December 2017, EtherDelta got hacked, and for a few hours, its domain pointed to a malicious version of the website which phished the credentials of unsuspecting cryptocurrency traders. Last week, ZDNet's Catalin Cimpanu saw court documents which suggest that the entire attack started off with Zachary Coburn's leaked phone number. According to the court, Elliott Gunton from the UK and Anthony Tyler Nashatka, who lives in New York, are responsible for the attack, and they now face the possibility of spending up to 20 years in prison and paying up to $250 thousand in penalties. Here's how the events unfolded.

A single leaked phone number helped compromise an entire cryptocurrency exchange

According to the court documents, it all began on December 19, 2017, when Nashatka got his hands on the phone number of a certain Z.C., an EtherDelta employee. The name "Zachary Coburn" is not present in the filings, but considering what happened next, it's safe to assume that the cryptocurrency exchange's CEO was the one who had his phone number compromised.

It's unclear if the hackers deliberately looked for Coburn's phone number or if they obtained it by accident in a larger set of data bought on a hacking forum. What is certain is that they knew what to do with it.

Apparently, Nashatka shared the phone number with Gunton, who called Coburn's telecommunication provider and asked for call forwarding to be set up. As a result, all incoming calls were redirected to a Google Voice number which the hackers had access to. They then used it to go through the Two-Factor Authentication (2FA) procedure on Zachary Coburn's EtherDelta account.

DNS hijacking is easy when you have the right information

After breaking in, Gunton and Nashatka first modified some of EtherDelta's G Suite settings and redirected the cryptocurrency exchange's email communication through a server they controlled. With this, they reset the password and hijacked EtherDelta's Cloudflare account, which, in turn, allowed them to change the domain's DNS records. For the next few hours, users were inadvertently led to a website that looked identical to the cryptocurrency exchange but was designed to log people's usernames and passwords.
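From a defender's side, the chain above (mail routing change, then a password reset on the DNS provider account, then a DNS record change) can be written as a correlation rule over audit events. The sketch below is an added example, not taken from the court documents or from any vendor's tooling; the action names, event layout and six-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Ordered stages of the takeover chain described in the article.
# These action names are hypothetical labels for normalized audit events,
# not real G Suite or Cloudflare log values.
CHAIN = ["mail_routing_changed", "password_reset", "dns_record_changed"]

# Constructed sample events, already merged from mail and DNS-provider logs.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:00:00", "action": "dns_record_changed"},    # routine change
    {"ts": "2024-01-10T14:02:00", "action": "mail_routing_changed"},  # chain starts
    {"ts": "2024-01-10T14:09:00", "action": "password_reset"},
    {"ts": "2024-01-10T14:15:00", "action": "dns_record_changed"},    # chain completes
    {"ts": "2024-01-12T08:00:00", "action": "mail_routing_changed"},
    {"ts": "2024-01-13T08:00:00", "action": "password_reset"},        # 24 h later
    {"ts": "2024-01-13T08:05:00", "action": "dns_record_changed"},
]

def _when(event):
    return datetime.fromisoformat(event["ts"])

def find_takeover_chains(events, window=timedelta(hours=6)):
    """Return the matched events for every CHAIN completed, in order, inside `window`."""
    ordered = sorted(events, key=_when)
    hits = []
    for i, first in enumerate(ordered):
        if first["action"] != CHAIN[0]:
            continue
        matched = [first]
        for event in ordered[i + 1:]:
            if _when(event) - _when(first) > window:
                break  # too slow to be one burst of activity
            if event["action"] == CHAIN[len(matched)]:
                matched.append(event)
                if len(matched) == len(CHAIN):
                    hits.append(matched)
                    break
    return hits

if __name__ == "__main__":
    for chain in find_takeover_chains(SAMPLE_EVENTS):
        print("ALERT:", " -> ".join(f"{e['action']}@{e['ts']}" for e in chain))
```

A standalone DNS change or a slow sequence spread over a day does not fire; only the full ordered chain inside the window does.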

After the news of the attack broke, Gunton and Nashatka tried to cash out as quickly as possible. At least 308 ETH (about $267 thousand at the time and $60 thousand at the current rate) were stolen, along with some tokens which could also be worth quite a lot.

Even sophisticated hackers get caught every now and again

It's clear that Gunton and Nashatka knew what they were doing. A lot of meticulous planning went into the whole operation, and although they made a mistake and got caught, the attack serves as a testament to the hackers' talent. It's a shame that at least for the time being, they won't be able to use these skills for something legal and more constructive.

In fact, Elliott Gunton, who is barely out of his teens, has more problems to worry about. On August 16, just three days after the US indictment, Gunton was sentenced to 20 months in prison back in the UK for trading the personal data of TalkTalk customers. He clearly has a lot of lessons to learn, and we can only hope that these ordeals will help him change his ways.

September 24, 2019
