Cyber Incident Victim: EtherDelta

Date:

Dec 2017

Location:

United States of America

Summary

A cryptocurrency exchange experienced a DNS server compromise, enabling attackers to replace its legitimate website with a fraudulent version that redirected user transactions. At least 308 ETH and numerous tokens, collectively valued in the hundreds of thousands of dollars, were stolen as unsuspecting visitors interacted with the fake interface during the multi-hour incident. The platform's underlying smart contracts remained unaffected, but the breach highlighted vulnerabilities in its centralized web entry point. The exchange confirmed the attack and temporarily advised users to avoid the site while mitigating the issue.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On December 20, 2017, attackers compromised the decentralized cryptocurrency exchange EtherDelta by hijacking its DNS records, so that the legitimate domain resolved to a fraudulent copy of the website. Visitors who typed the genuine EtherDelta domain during the attack were served a convincing replica that remained partially functional. This fake interface led users to unknowingly send Ethereum (ETH) and Ethereum-based tokens to wallets controlled by the attacker rather than to the exchange's contract. The theft occurred between approximately 1:40 p.m. ET and 8:00 p.m. ET, with at least 308 ETH (valued at $266,789) and numerous tokens potentially worth hundreds of thousands of dollars diverted to the attacker's address. The attacker later moved the bulk of the stolen funds to secondary addresses around 1:30 a.m. ET on December 21. EtherDelta's underlying smart contracts were not breached, confirming that the compromise was limited to the DNS infrastructure rather than the platform's core blockchain functionality.

EtherDelta confirmed the breach via Twitter, advising users to avoid the platform and warning that interactions with the fraudulent site might have exposed private keys, particularly for users who entered them directly on the compromised interface. The exchange restored its legitimate DNS configuration within hours, ending the attack by late evening ET on December 20, though the platform remained officially flagged as unsafe afterward. Because Ethereum's ledger is public, blockchain analysis was able to trace the attacker's fund movements. Users were directed to third-party tools such as deltabalances.github.io to verify wallet balances, but no formal recovery process for stolen assets was described. The incident highlighted the exposure of decentralized exchanges through their centralized entry points: control of the DNS records alone enabled widespread interception of user transactions despite the platform's otherwise distributed architecture.

Sources
Sources available to members
1 source