Two Suspects Indicted Over 2017 EtherDelta Hack

  • Two suspects have been indicted in connection with the 2017 hack of EtherDelta. 
  • Suspects were able to manipulate the exchange's web domain to direct users to a fraudulent website. 

Two suspects have been indicted by the U.S. attorney’s office for the Northern District of California in connection with the hacking of cryptocurrency exchange EtherDelta in December 2017. 

EtherDelta Hack Indictment

According to the indictment, the suspects Elliot Gunton and Anthony Tyler Nashatka allegedly modified the EtherDelta domain name setting to defraud users of the exchange.

The defendants were able to access and alter the system, which was registered to an account with Cloudflare, to obtain client “cryptocurrency addresses and private keys,” in addition to withdrawing funds from the associated accounts. 

The filing continues, claiming that Gunton and Nashatka were able to obtain the cell phone number of an EtherDelta employee through an elaborate scheme involving the cellphone service provider. The two suspects were then able to use the name to access the employee’s email address, thereby allowing entry into the “web infrastructure and website security accounts”.

From there the defendants diverted traffic from EtherDelta to a fraudulent website resembling the exchange and were able to obtain pertinent user information, including private keys, to defraud clients of their funds.

The indictment claims that Gunton and Nashatka stole from hundreds of EtherDelta users, with one particular client losing more than $800,000 in the theft. 

IOTA Foundation to Reopen Mainnet by March 2 after $2 Million Hack

The IOTA Foundation, the non-profit organization behind the IOTA network, has announced it plans to reactivate the IOTA Network by March 2 after halting it over a $2 million hack.

According to the non-profit organization, it’s working on creating transition tools for users to transfer funds from their existing wallets to new ones so they can avoid any further losses and bring the network back online.

As CryptoGlobe reported, the IOTA Foundation turned off its Coordinator node, which is responsible for validating individual transactions on the network, earlier this month after users started reporting their funds were being stolen from the Trinity wallet, a wallet designed by the Foundation.

Since it turned the Coordinator off, it has been working with law enforcement agencies, including the German Center for Cybercrime and the U.S. Federal Bureau of Investigation, to identify the cause. A total of “8.55 Ti”, or $2.3 million worth of IOTA tokens, was lost.

In a post-mortem report, the Foundation detailed that the vulnerability was the result of an integration with a fiat-to-crypto onramp platform called MoonPay that was being used with the Trinity wallet. Its investigation found that a hacker was able to take over MoonPay’s content distribution network and use it to infiltrate the Trinity wallet and distribute malicious software development kits (SDKs).

The Foundation’s internal analysis of affected Trinity caches found irrefutable proof that they had been compromised with one of several illicit versions of MoonPay’s SDK, which was being loaded automatically from MoonPay’s servers (their content delivery network) when a user opened Trinity.

The attacker, according to the Foundation, made sure he avoided triggering cryptocurrency exchanges’ know-your-customer (KYC) checks when sending funds to cash out, keeping the threshold below $10,000.

The IOTA Foundation was, according to the report, only able to identify 50 victims of the attack and doesn’t know exactly how many users were affected. As such, it’s asking those who used the Trinity desktop wallet to use a migration tool.

The organization’s move to shut down the Coordinator node and essentially bring the mainnet to a halt was a controversial one, as various cryptocurrency users are now on social media claiming the IOTA network is centralized.
