A UK teenager convicted of hacking ISP TalkTalk in a notorious 2015 data breach has been indicted in the US for stealing funds from customers of a cryptocurrency exchange.
Elliott Gunton, 19, of Old Catton, near Norwich is accused alongside US citizen Anthony Nashatka of targeting the EtherDelta exchange.
Back in 2017, they are alleged to have gained control of an admin account belonging to CEO Zachary Coburn, using it to manipulate the site’s DNS records in order to redirect customers to a domain under their control.
Harvesting customer credentials in this way, they were allegedly able to subsequently log-in as these victims to steal cryptocurrency from their accounts.
The total sum stolen isn’t known, although one victim lost $800,000 in the operation, according to reports.
The charges, filed in San Francisco, could apparently lead to prison sentences of up to 20 years.
Gunton was only 16 when he hacked TalkTalk. Back in August, the teen was sentenced to 20 months behind bars for offering hacking services online. At that time he was ordered to pay back £400,000 in cryptocurrency he is said to have made from these endeavors.
After his arrest, police were able to trace at least £275,000 of these funds, although it’s unclear whether any of them were linked to the EtherDelta attack.
Edgard Capdevielle, CEO of Nozomi Networks, warned that law enforcers are slowly turning up the heat on budding cyber-criminals.
“While there can be no denying hacking tools are increasing in sophistication, the tools law enforcement use to track cyber-criminals are also improving,” he argued. “We are likely to continue to see more and more perpetrators charged for cybercrimes, making hackers think twice before launching attacks, as traces will always be left.”