Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States

Graham Cluley
Graham Cluley
@[email protected]

Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States

It’s only a month since 19-year-old Elliott Gunton, who had previously been convicted for his role in the infamous data breach of the UK telecoms firm TalkTalk, was hit with a 20 month prison sentence for stealing personal data and selling his hacking services.

Unfortunately for Gunton, his problems haven’t ended there.

As BBC News reports, Gunton is now facing charges from US authorities that he was involved in the December 2017 breach of Chicago-based cryptocurrency exchange EtherDelta.

Sign up to our free newsletter.
Security news, advice, and tips.

Court documents allege that Gunton gained control of an email account belonging to an EtherDelta employee – likely to be EtherDelta’s founder Zachary Coburn.

With information stolen from the account, hackers are alleged to have meddled with EtherDelta’s DNS records was able to redirect customers to a fake version of cryptocurrency exchange’s site to steal investors’ account credentials and private keys.

Etherdelta tweet

It is alleged that one EtherDelta customer lost approximately US $800,000 as a result.

Norwich-based Gunton – who went by the online handle of “Glubz” – is jointly charged by the US authorities with Anthony Tyler Nashatka, a resident of New York.

After Gunton received a 20 month prison sentence at Norwich Crown Court last month he was immediately released due to having already served his sentence while on remand.

However, things don’t look quite so cosy for Gunton when it comes to these new US charges, which could potentially result in a 20-year sentence if he is found guilty.

More details on how the EtherDelta hack is alleged to have been carried out – and how the employee’s two-step verification was waltzed around – can be found in this article on ZDNet. It’s well worth a read.

As a side note, EtherDelta’s Zachary Coburn was charged by the SEC in November 2018 with “running an unregistered securities exchange.”

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.