Elliott Gunton (born c. 1999), also known by his online pseudonyms Glubz and planet,[1] is a convicted British cybercriminal from Norfolk.[2]
TalkTalk security breach
On 21 October 2015,[3] Gunton engaged in a "sustained cyberattack" against British telecom company TalkTalk, stealing the names, addresses, e-mails, and bank details of its users.[4][5]
In November 2016, Gunton pleaded guilty to his role in the data breach, telling the youth court that he was "just showing off to [his] mates."[6][7][8] He received a 12-month youth rehabilitation order.[3]
August 2019 conviction
Gunton was again investigated in April 2019, after CCleaner was found on his computer during an unannounced police visit, which was in violation of his Sexual Harm Prevention Order (SHPO). Through the investigation, he was found to have committed further crimes after his initial arrest, and in August 2019, he pleaded guilty to, in 2017 and 2018, laundering money, committing Computer Misuse Act crimes, and breaching a SHPO. He had also probed the websites of local high schools for vulnerabilities and illegally accessed Australian telecom company Telstra's systems, which he then used to gain access to the Instagram account @adesignersmind to send "grotesquely offensive" messages to the owner's customers.[9]
During a search of Gunton's home, police discovered £407,359.35 in cryptocurrency, which he had allegedly acquired from selling the account details of Instagram users on cybercrime forums. He was sentenced to 20 months of imprisonment but was immediately released due to time served.[4] Gunton's mother and father were given three- and five-month suspended sentences, respectively, for transferring the stolen funds.[10]
After his conviction, Gunton's cryptocurrency was auctioned off, the "first ever on the instruction of a police force in the UK."[11][12]
EtherDelta cryptocurrency theft
On 13 August 2019, Gunton and Anthony Tyler Nashatka ("psycho") of Michigan[13] were indicted by a federal grand jury for their involvement in a December 2017 scheme to steal over US$1.4 million in Ethereum.[14] The two were accused of simjacking the CEO of the cryptocurrency exchange EtherDelta and using his access to redirect its users to a clone of EtherDelta, which would give Gunton and Nashatka details of cryptocurrency wallets that users had entered.[1][15]
In July 2024, Gunton was sentenced to 3½ years of imprisonment for his involvement in the scheme.[16]