One of ethereum’s biggest decentralized exchange, responsible for around 10% of all eth transactions, has been hacked today.
Details are sparse at this stage, with EtherDelta understandably busy dealing with the matter at hand, however, they have officially confirmed, stating:
“We have reason to believe that there had been malicious attacks that temporarily gained access to EtherDelta DNS server. We are investigating this issue right now – in the meantime please *DONOT* use the current site.”
There are suggestions their Cloudflare account may have been compromised, with a malicious site added, but how the hack happened exactly is unclear at this stage.
Around 308 eth, worth some quarter of a million dollars, have already moved according to a suspected address. With other tokens seemingly moving to the hacker as well.
If you have funds at the decentralized exchange, you can use this guide showing how to withdraw funds without logging into the website.
Do not log into the website and preferably do not visit it at all until the situation clears, unless you’re an expert in these matters. According to ethtrader mods:
“If you haven’t logged into EtherDelta at all today, your balances are likely fine. If you have logged into EtherDelta earlier today and successfully made a trade it is likely that your balance is fine but you may want to take extra precautions any way.
If you visited EtherDelta but did not input your private key or sign a transaction your balance should be fine. If you visited EtherDelta using MetaMask or Trezor but did not sign a transaction or enter your private key your balance should be fine.”
The situation appears to be similar to a phishing website whereby you are directed to a malicious website, so giving them your password, or in this case your private keys, by entering it thinking it is a legitimate site, when it isn’t.
With some suggesting the Ethereum Name Service (ENS) system could have assisted in this situation as it is decentralized, therefore can not be hijacked in a like fashion.
However, we’ll have to wait for EtherDelta to provide a full report on the matter to see what exactly happened, why it was not prevented, and how it can be avoided in the future.