Two persons have been indicted in the US for the hacking of EtherDelta, a non-centralized exchange for trading Ethereum (ETH) ERC-20 tokens, on December 2017.
Elliot Gunton and Anthony Tyler Nashatka have been charged with accessing phone number and e-mail address of an EtherDelta employee fraudulently and accessing the exchanges account and replacing its website with a fake one resembling it, created by them. They are also suspected of stealing the primary keys of customers who used the fake website and siphoning off the user’s cryptocurrency.
After getting hold of EtherDelta employees’ phone number and e-mail address, Gunton and Nashatka went to the telephone exchange and convinced an employee there to set up automatic call forwarding on the employees’ number. That meant that all calls on that number would be forwarded to them without the employee even knowing about it.
Next, they changed the setting of the employees’ address and redirected mails to their email address. Now, they could receive all the mails sent to that employee without him being aware of it.
The duo used the phone number and e-mail address and gained access to EtherDeltas account and replaced the website with their website. When unknowing customers used the fake exchange, they shared their primary keys on it, thinking that the fake site was EtherDelta. The duo gained access to these primary keys and Cryptocurrency addresses and siphoned off Cryptocurrency from the user’s account on EtherDelta. The documents filed in the indictment reveal that at least one user lost $800,000.
Documents filed in court mention the employee whose e-mail address and phone number were used by the duo only as “Z.C.” which is believed to stand for Zachary Coburn who was EtherDelta’s CEO at the time this happened. That is because only by knowing the phone number and e-mail address of Colburn could the duo have accessed EtherDelta’s account.
This case was one of the first to bust the myth that decentralized exchanges could not be hacked. BY simply accessing one phone number and one e-mail address Gunton and Nashatka could steal a large amount of Cryptocurrency.