The US attorney’s office for the Northern District of California has unsealed indictments against two individuals it suspects as being involved in a hack on the EtherDelta exchange in December 2017. Elliot Gunton, who used the moniker ‘Planet’ online, and Anthony Tyler Nashatka, who went by ‘Psycho’, were indicted on August 13 on five charges relating to the hack, which took place at the height of the crypto boom in December 2017 and saw hundreds of ETH stolen when the legitimate website was replaced by a fake.
Complex Process to Defraud Users
The indictment claims that Gunton and Nashatka modified EtherDelta’s domain name settings in order to obtain their addresses and private keys before removing funds from their wallets. The complex method used to achieve this was also revealed in the indictments, which involved Nashakta initially purchasing stolen personal details of EtherDelta employees on the dark web. One of these, referred to as Z.C., is thought to be Zachary Coburn, the company’s CEO, who was fined by the SEC in November for illegally running the exchange in the first place. They used Z.C.’s personal details to bypass the two-factor authentication on his mobile device before hacking into the EtherDelta backend, redirecting the website’s traffic to a “fake website resembling the true EtherDelta platform” which stole customers’ private keys and allowed their wallets to be drained of ETH. Gunton and Nashatka are suspected of stealing some 310 ETH in the hack, which as the time was valued at some $250,000, with some seeing large personal holdings stolen:
I got hacked 🙁 they stole from my MEW wallet! Lost 25k
— CryptoKing (@eleslie95) December 20, 2017
Long Sentences Await
Gunton and Nashatka didn’t just steal ETH from their victims, they cleaned them out of all the crypto they possessed, with one individual, referred to in the indictments as R.R., seeing $800,000 worth of tokens stolen. Three days after the pair were indicted, Gunton was sentenced to 20 months in prison in the UK for trading personal data online, with the data found on his devices at the time of his arrest believed to have ultimately led to arrests in the EtherDelta case. The duo face a maximum sentence of 20 years in prison, up to three years of supervised release, and a fine of up to $250,000 if they are found guilty.