EtherDelta Cryptocurrency Exchange Website Compromised By Hackers

The decentralized cryptocurrency exchange EtherDelta tweeted an urgent alert on Wednesday, warning users not to open the site because hackers may steal user funds. “We have reason to believe that there had been malicious attacks that temporarily gained access to @etherdelta DNS server,” the site’s account tweeted. So far it appears the alleged attackers' ether wallet has more than $212,325 worth of tokens.

WARNING: If you are holding funds on EtherDelta. Do NOT open the site. The EtherDelta site is compromised and opening it may result in lost funds. If you are using BLUE beta, MetaMask, or a Ledger you should be safe. But we still do not recommend visiting ED until it's resolved.
— BLUE: Securing the Crypto Age (@EthereumBlue) December 20, 2017

⚠️ 2/2 *BE AWARE* The imposer's app has no CHAT button on the navigation bar nor the offical Twitter Feed on the bottom right. It is also populated with a fake order book.
— EtherDelta (@etherdelta) December 20, 2017

Users who access the platform through BLUE beta, MetaMask, or a Ledger should be safe for now as long as they avoid the main site. BLUE’s sister Twitter account recommended using DeltaBalance’s GitHub page to check if your holdings were stolen. This attack comes just weeks after BLUE posted a blog post claiming it is the “first company in the space attempting to secure blockchain payments for fraud detection and scam prevention.” BLUE even used this hack to promote their upcoming Chrome extension with a “blacklisting capability” it claims would have been able to stop these hackers.

These days, cryptocurrency exchanges routinely suffer crippling attacks by malicious hackers. Reuters reported the South Korean cryptocurrency exchange Youbit announced this week it is shutting down and filing for bankruptcy after losing 17 percent of its assets to a cyberattack. Earlier this month, hackers reportedly stole $64 million worth of cryptocurrency from the Slovenian mining marketplace NiceHash.

But it isn’t only exchange operators who suffer the consequences. Downloading a security-focused Chrome extension probably can’t offer infallible protection for individual users. And there isn’t yet any legal protection for indirect victims of such cyberattacks. Entrepreneur Dan Wasyluk is one such hacking victim who lost millions of dollars worth of bitcoin three years ago on an exchange called Moolah. He was unable to recover or get reimbursed for any of those lost funds even after the man behind Moolah was charged with fraud and money laundering. “If you are starting an exchange and you lose clients’ money, you or your company should be 100 percent accountable for that loss,” Wasyluk told Reuters. “And right now there is nothing like that in place.”

This is why most cryptocurrency experts recommend keeping digital assets in cold storage, like a personal hardware wallet. Third party platforms, including cryptocurrency exchanges, are vulnerable to a variety of attacks and malfunctions. The websites that offer services for blockchain-based assets are typically less secure than the cryptocurrency networks themselves. EtherDelta promptly published a video tutorial for safely removing funds without actually opening the compromised site.