The Prosecutor’s office for the Northern district of California accused Elliot Gunton and Anthony Tyler Nashatka of hacking the EtherDelta exchange in December 2017.
According to the indictment, the suspects changed the settings of the cryptocurrency platform’s domain name system, thereby misleading exchange users in order to “collect their addresses and private keys, as well as further withdraw funds that were located at these addresses.”
To access the settings, the attackers used the phone number of one of the EtherDelta employees, hacking his email as well. After that, they changed the system parameters so that all traffic did not go to the exchange, but to a “fake website that copied the real EtherDelta platform”.
Visitors to the fake site were unaware that they were disclosing their private key information to third parties and thus losing their digital assets. According to the prosecution, one of the EtherDelta users lost at least $800,000 as a result of fraudulent actions. The total amount of all lost funds was not disclosed.
Recall that the Internet domain of the decentralized exchange EtherDelta was attacked on the night of December 21, 2017. As a result of hacking DNS servers, when trying to switch to a domain Etherdelta.com, the user is redirected to a fake exchange page created by hackers.