The team behind the crypto decentralized exchange EtherDelta, which is powered by a smart contract on the Ethereum blockchain, has just issued a security alert warning all users about a security incident involving its DNS server.
EtherDelta, which allows users to trade ERC-20 tokens, said on Twitter that it is currently investigating this issue, and in the meantime advised its users not to use the current site.
Discover credible partners and premium clients in China’s leading event!
Although it is unclear exactly how much money was stolen, it appears several thousands of dollars worth of cryptocurrency is now in the hands of an unknown assailant. However, EtherDelta’s warning implies that users will be safe so long as they don’t use the site right now, thus any tokens/ether deposited to EtherDelta should be safe whichever wallets they are currently in.
EtherDelta’s web interface allows users to deposit and withdraw assets, and make transactions directly through hosting their Ethereum private key in-browser.
It seems that someone successfully injected malicious code into the exchange. According to an ongoing investigation, the imposter app has no CHAT button on the navigation bar nor the official Twitter feed on the bottom right. It is also populated with a fake order book.
Dear users, we have reason to believe that there had been malicious attacks that temporarily gained access to @etherdelta https://t.co/NnqU5Er4rj DNS server. We are investigating this issue right now – in the meantime please DONOT use the current site.
— EtherDelta (@etherdelta) December 20, 2017
Earlier in September, scammers created a phishing website with a similar domain name which was linked to a malicious JavaScript code that gave attackers full control of data on EtherDelta user’s session. At the time, the assailant distributed a link to an unlisted EtherDelta token and made it appear more legitimate through unknown access to the official EtherDelta chat room.
Be First to Comment