Hackers are getting more and more inventive in their attempts to steal virtual coins from users of cryptocurrency exchanges. Just ask Gate.io.
According to the latest report published by anti-virus company ESET, a group of unknown cybercriminals breached Ireland-based web analytics platform StatCounter and integrated a malicious code to a plugin for gathering statistics on website visitors.
What Happened?
The attackers managed to modify the script of an external JavaScript file that webmasters usually embed into web pages they want to be tracked. Thus, by compromising the StatCounter platform, the attackers got the opportunity to disseminate their code among all websites that use the StatCounter tool — a big deal, considering that StatCounter gathers stats on more than 10 billion page views per month and has over 2 million registered websites. The malicious script was hidden in the middle of the script, which is why it took some time to discover the modification.Two Million Potential Victims, One Real Target
The hackers used a fake domain with a name very similar to the legitimate StatCounter address. Careless users clicked the fake link and went to the domain registered by hackers. Out of millions of websites connected to StatCounter, the hackers targeted the cryptocurrency exchange Gate.io — because its the only site that uses the Uniform Resource Identifier (URI) ‘https://www.gate.io/myaccount/withdraw/BTC’ to transfer Bitcoins from its own account to external addresses.How it Worked
The code automatically replaced the Bitcoin address entered by a Gate.io user with an address belonging to the hackers. While the administration of the exchange claim that users’ funds are out of danger, it is hard to say how many bitcoins (BTC) were actually stolen by hackers. Most likely the victims didn’t notice anything wrong as a new address was generated each time a visitor loaded the statconuter[.]com/c.php script and the replacement happened after they clicked “submit” button. Gate.io performs Bitcoin transactions to the tune of $1.6 million on a daily basis, which makes it a lucrative target for hackers. Have you ever used Gate.io? Let us know your thoughts in the hack in the comments below!Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Tanya Chepkova
Tanya started as a financial news feed translator and worked as a financial analyst, news editor and content creator in various Russian and Foreign media outlets. She came to the cryptocurrency industry in 2016.
Tanya started as a financial news feed translator and worked as a financial analyst, news editor and content creator in various Russian and Foreign media outlets. She came to the cryptocurrency industry in 2016.
READ FULL BIO
Sponsored
Sponsored