Popular cryptocurrency exchange EtherDelta got hacked in spectacular fashion Wednesday, with many users unknowingly sending their tokens to the hacker instead of the exchange.
At least 308 ETH ($266,789) were stolen, as well as a large number of tokens potentially worth hundreds of thousands of dollars.
EtherDelta is a decentralized exchange which lists nearly all Ethereum-based tokens in existence. It doesn’t have a huge volume compared to larger exchanges but it’s an important first step for traders after a new token gets generated in an ICO (initial coin offering).
Apparently, the smart contracts that govern EtherDelta’s behavior weren’t compromised in the attack. Instead, the attacker managed to take over EtherDelta’s DNS server and serve a fake version of the site to visitors.
This is far more dangerous than the common phishing attack in which a fake site sets up a domain name similar to the real one (such as etherrddeltta.com). Users who visited the actual EtherDelta site on Wednesday afternoon (ET) were served a partially functional but still quite convincing version of the site. The attack appears to have been mitigated within a few hours, and the proper EtherDelta site restored, but anyone who interacted with the fake site may have sent ether or other tokens to the hacker.
EtherDelta confirmed the attack on Twitter and advised all users not to use the site. At the time of writing, they haven’t lifted the warning, so EtherDelta should still be considered unsafe to use.
⚠️ 2/2 *BE AWARE* The imposer’s app has no CHAT button on the navigation bar nor the official Twitter Feed on the bottom right. It is also populated with a fake order book.
— EtherDelta (@etherdelta) December 20, 2017
Thanks to the public nature of Ethereum’s blockchain, you can see how the funds were moved in and out of the hacker’s probable address here. Ether and tokens flowed in from 1:40 p.m. ET up until roughly 8 p.m. ET; the attacker moved the bulk of the funds to other addresses at roughly 1:30 a.m. ET Thursday.
There are various ways to interact with EtherDelta: through the Ledger Nano S hardware wallet (the safest way), through a software wallet such as Metamask (a little less safe), or by just entering your private key into the site itself (the least safe way). It’s difficult to say whether private keys were exposed in the hack, but it’s possible.
Users would probably do well to move any funds out of the wallets used for interacting with EtherDelta into new, secure wallets. You can check the state of the wallets you used with EtherDelta over at deltabalances.github.io.
This hack is another warning of the dangers of dealing with cryptocurrencies. While EtherDelta is supposed to be decentralized, it still has a central point of entry — its website — which, when compromised, can result in catastrophe.