US Indicts Two for Involvement in EtherDelta Hack

by Arnab Shome
  • One of the accused is already in prison for 20 months in the UK for trading personal data online.
US Indicts Two for Involvement in EtherDelta Hack
iStock
Join our Crypto Telegram channel

Almost two years after the hack of EtherDelta, the United States attorney's office for the Northern District of California has indicted two suspects — Elliot Gunton and Anthony Tyler Nashatka for the attack and theft from the crypto exchange.

According to the inditement, Gunton and Nashatka changed the settings of EtherDelta’s domain name system to mislead users and collect their crypto addresses, private keys and to withdraw funds. Gunton, aka “Glubz,” is a 20-year old UK resident and was also involved in TalkTalk hack. Nashatka, aka “psycho,” on the other hand, hails from New York.

A well-thought attack

The entire operation took place over the span of two weeks beginning on December 13, 2017, with the illegal purchase of the personal details of an EthereDelta employee by Nashatka.

Though the employee of the Exchange is only identified as Z.C. in the court documents, it is believed that it was the then-CEO of EthereDelta, Zachary Coburn.

After realizing the value of the acquired personal information, Nashatka immediately reached out to Gunton and started planning to hijack EtherDelta's Cloudflare and Dreamhost accounts.

On December 19, the perpetrators pulled off a classic SIM swap fraud and added a call forward functionality from Coburn’s number to a Google Voice number operated by the two to by-pass the two-factor authentication required for login into EtherDelta admin accounts.

The following day the two hackers modified the DNS settings of EtherDelta’s website and redirected all website traffic to a fake website, resulting in the theft of visitors' crucial credentials, including private keys.

Although the court documents did not specify the exact loss incurred in the attack, it only mentioned that one of the victims lost as much as $800,000.

Meanwhile, Coburn was also in murky waters for business practices regarding EtherDelta. In November 2018, the Securities and Exchange Commission (SEC) ) in the US charged him for operating an unregulated securities exchange and fined $400,000.

Last month, Primitive Ventures-founding partner Dovey Wan revealed that the Chinese authorities are now investigating EtherDelta under the suspicion of an exit scam pulled off by the new owners of the exchange.

Almost two years after the hack of EtherDelta, the United States attorney's office for the Northern District of California has indicted two suspects — Elliot Gunton and Anthony Tyler Nashatka for the attack and theft from the crypto exchange.

According to the inditement, Gunton and Nashatka changed the settings of EtherDelta’s domain name system to mislead users and collect their crypto addresses, private keys and to withdraw funds. Gunton, aka “Glubz,” is a 20-year old UK resident and was also involved in TalkTalk hack. Nashatka, aka “psycho,” on the other hand, hails from New York.

A well-thought attack

The entire operation took place over the span of two weeks beginning on December 13, 2017, with the illegal purchase of the personal details of an EthereDelta employee by Nashatka.

Though the employee of the Exchange is only identified as Z.C. in the court documents, it is believed that it was the then-CEO of EthereDelta, Zachary Coburn.

After realizing the value of the acquired personal information, Nashatka immediately reached out to Gunton and started planning to hijack EtherDelta's Cloudflare and Dreamhost accounts.

On December 19, the perpetrators pulled off a classic SIM swap fraud and added a call forward functionality from Coburn’s number to a Google Voice number operated by the two to by-pass the two-factor authentication required for login into EtherDelta admin accounts.

The following day the two hackers modified the DNS settings of EtherDelta’s website and redirected all website traffic to a fake website, resulting in the theft of visitors' crucial credentials, including private keys.

Although the court documents did not specify the exact loss incurred in the attack, it only mentioned that one of the victims lost as much as $800,000.

Meanwhile, Coburn was also in murky waters for business practices regarding EtherDelta. In November 2018, the Securities and Exchange Commission (SEC) ) in the US charged him for operating an unregulated securities exchange and fined $400,000.

Last month, Primitive Ventures-founding partner Dovey Wan revealed that the Chinese authorities are now investigating EtherDelta under the suspicion of an exit scam pulled off by the new owners of the exchange.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}