Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States

Graham Cluley
Graham Cluley
@[email protected]

Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States

It’s only a month since 19-year-old Elliott Gunton, who had previously been convicted for his role in the infamous data breach of the UK telecoms firm TalkTalk, was hit with a 20 month prison sentence for stealing personal data and selling his hacking services.

Unfortunately for Gunton, his problems haven’t ended there.

As BBC News reports, Gunton is now facing charges from US authorities that he was involved in the December 2017 breach of Chicago-based cryptocurrency exchange EtherDelta.

Sign up to our free newsletter.
Security news, advice, and tips.

Court documents allege that Gunton gained control of an email account belonging to an EtherDelta employee – likely to be EtherDelta’s founder Zachary Coburn.

With information stolen from the account, hackers are alleged to have meddled with EtherDelta’s DNS records was able to redirect customers to a fake version of cryptocurrency exchange’s site to steal investors’ account credentials and private keys.

Etherdelta tweet

It is alleged that one EtherDelta customer lost approximately US $800,000 as a result.

Norwich-based Gunton – who went by the online handle of “Glubz” – is jointly charged by the US authorities with Anthony Tyler Nashatka, a resident of New York.

After Gunton received a 20 month prison sentence at Norwich Crown Court last month he was immediately released due to having already served his sentence while on remand.

However, things don’t look quite so cosy for Gunton when it comes to these new US charges, which could potentially result in a 20-year sentence if he is found guilty.

More details on how the EtherDelta hack is alleged to have been carried out – and how the employee’s two-step verification was waltzed around – can be found in this article on ZDNet. It’s well worth a read.

As a side note, EtherDelta’s Zachary Coburn was charged by the SEC in November 2018 with “running an unregistered securities exchange.”

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.