Cryptocurrency Hacking

EtherDelta Hacked – Millions Stolen

Written by Dr-Hack



Update 10 Jan 2018: EtherDelta has not been hacked again; what you heard was probably a rumor. MyEtherWallet has also not been hijacked. If you are not sure about a hack, you can ask me for a quick system check and I will let you know.

Hackers started transferring coins from EtherDelta to their wallets, and 3 hours have passed since they began emptying EtherDelta. An Ethereum wallet linked to the hackers has been identified, and the hackers have transferred 0.2 million USD worth of ETH to their own wallet.

Just a few days back, a Korean exchange closed due to a second hacking attempt in a year, and now there is another. Cryptocurrency has increased the risk of losing large amounts of fiat, as exchanges are still the weakest link.

How EtherDelta was Hacked

EtherDelta staff were only 2 hours late in identifying the hack, and even after they acknowledged they had been hacked, the hackers were still emptying EtherDelta wallets.

As per the tweet, the website's DNS servers were compromised, which means that the hackers never had access to the actual website. But if that was the case, how did the hackers manage to pull out 278 ETH from EtherDelta wallets (and counting)?
Update (21 Dec 17, 5:44 AM): The count of Ethereum stolen from the EtherDelta wallet has increased to 307.995 ETH.

A follow-up tweet was made from the EtherDelta Twitter account.

This means it is a typical DNS hijacking: the hackers redirected users to their own fake version of EtherDelta. That way they might have gained login details and started logging in to the original accounts. Users got a crafted website where the order book data was coming off EtherDelta charts while the site logged wallet details, including keys, which were later used to empty individual accounts and drain cryptocurrency from users of the original website.

But why did EtherDelta not close their website or disable withdrawals? As you can see on EtherScan, the hackers were still transferring ETH after the above tweets were made:
EtherDelta Hacker Wallet
0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc

EtherScan has flagged the above wallet as Fake_Phishing305

More details will be added as they become available. This hack took place just 2 days after EtherDelta got its new CEO, Terry Liu. Weird?

Who are the Hackers of EtherDelta Stealing Ethers?

Currently it is unknown who the hackers are, but there is a strong possibility that they may get caught.

  • The hackers can be traced by looking at the name servers which were used for the DNS hijacking.

    The hackers used Wildcard Networks hosting with server IP 185.27.134.140, which redirected all etherdelta.com visitors to the hackers' phishing website, where they obtained login details.

  • As visible above, DNS hijacking was not done; rather, the Cloudflare account of EtherDelta was compromised and the A records were shifted to the hackers' website.
  • It is really strange that it took hours for EtherDelta to respond, and the entire loss of coins is totally the fault of EtherDelta, as they should have had better login security measures.

Poor show, EtherDelta. It can also be an inside job. An angry employee?


