One of the major benefits of decentralized exchanges is that they can’t be hacked – or so the theory went. As Etherdelta’s users found out last week, however, that’s not quite true. After accessing the site’s DNS records and replacing the domain with a sophisticated fake, attackers were able to hoover up hundreds of thousands of dollars in ethereum and tokens. One week on and thefts are still being reported, as the hacker continues to prey on unsuspecting victims.
Also read: Chinese Programmer Arrested Over ¥20 Million Bitcoin Theft
Hackless Exchange Gets Hacked
As Etherdelta confessed six days ago: “At least 308 ETH” (worth around $270,000) plus “a large number of tokens potentially worth hundreds of thousands of dollars” was taken. The attacker went to great lengths to pull off the scam, creating a fake Etherdelta site that looked uncannily like the real thing complete with a false order book. It was believed at the time that users who had accessed the site via browser plugin Metamask or Myetherwallet were unaffected. Reports are now surfacing, though, that suggest the attack may have inflicted wider damage than at first thought.