One of the major benefits of decentralized exchanges is that they can’t be hacked – or so the theory went. As Etherdelta’s users found out last week, however, that’s not quite true. After accessing the site’s DNS records and replacing the domain with a sophisticated fake, attackers were able to hoover up hundreds of thousands of dollars in ethereum and tokens. One week on and thefts are still being reported, as the hacker continues to prey on unsuspecting victims.
Hackless Exchange Gets Hacked
As Etherdelta confessed six days ago: “At least 308 ETH” (worth around $270,000) plus “a large number of tokens potentially worth hundreds of thousands of dollars” was taken. The attacker went to great lengths to pull off the scam, creating a fake Etherdelta site that looked uncannily like the real thing, complete with a false order book. It was believed at the time that users who had accessed the site via browser plugin Metamask or Myetherwallet were unaffected. Reports are now surfacing, though, that suggest the attack may have inflicted wider damage than at first thought.
Tommy World Power is a well-known cryptocurrency trader and vlogger who was among those affected by the Etherdelta hack. He initially thought he’d been spared from the attack, only to tweet, six days later:
He continued: “It was on my to-do list to withdraw the funds off it, was trying to do it now (and I only keep short-term funds there). This means they had access to my account since the hack, but only did it a few hours ago.”
Like everyone else caught up in the hack, Tommy had all of his funds drained. Etherdelta has been bombarded with tweets from users who didn’t lose anything at the time of the hack, but whose wallets have since been emptied.
The attacker has been linked with this ethereum address, which currently contains around $4.3 million of ETH. The address has been labeled “Fake_Phishing306” and is accompanied by a warning on Etherscan that the account has been associated with phishing scams.
It seems the Etherdelta hacker has had success with targeting users of numerous platforms via a range of attack vectors. Some users have even claimed that less scrupulous exchanges work hand-in-hand with hackers, plying them with account details that can then be cracked. There is no suggestion that this is the case with Etherdelta, it should be noted, and it is an allegation that is extremely hard to prove. Nevertheless, incidents such as this prove the dangers of trusting any exchange, decentralized or otherwise.
After learning of his losses, Tommy World Power embarked on a mission to have the attacker’s accounts at Binance and Coinexchange.io frozen, where they were believed to be offloading their hot ether. Trading volume on Etherdelta has been low since the exchange came back online. Users are torn between wanting to get their hands on desirable tokens, such as Dragonchain, and wanting to avoid the site for security reasons. While work continues elsewhere on projects such as atomic swaps, investors are left with little option but to rely on exchanges, despite their inherent risks.