Hackers are getting more and more inventive in their attempts to steal virtual coins from users of cryptocurrency exchanges. Just ask Gate.io.
According to the latest report published by anti-virus company ESET, a group of unknown cybercriminals breached Ireland-based web analytics platform StatCounter and injected malicious code into a plugin for gathering statistics on website visitors.
The malicious code was hidden in the middle of the legitimate script, which is why it took some time to discover the modification.
Two Million Potential Victims, One Real Target
“This piece of code will first check if the URL contains myaccount/withdraw/BTC. Thus, we can already guess that the attackers’ goal is to target a Bitcoin platform. If the check passes, the script continues to add a new script element to the webpage, incorporating the code at https://www.statconuter[.]com/c.php,” ESET experts explained.
The hackers used a fake domain with a name very similar to the legitimate StatCounter address. Careless users clicked the fake link and went to the domain registered by hackers.
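One way a site operator could audit the script sources a page loads for hosts that imitate a trusted one, as statconuter[.]com imitated StatCounter's address. This is an added example, not code from ESET or from the article; the trusted-host list, the function names and the distance threshold are assumptions chosen for illustration.

```javascript
// Added example: flag script hosts that are near-misses of trusted hosts.
// TRUSTED_HOSTS is an assumed allow list; adjust it to the site's real dependencies.
const TRUSTED_HOSTS = ["www.statcounter.com", "www.gate.io"];

// Optimal string alignment distance: Levenshtein plus adjacent transposition,
// so swapping two neighbouring letters ("nu" for "un") counts as one edit.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify one script URL as "trusted", "lookalike", "unknown" or "unparseable".
// Defanged input such as "example[.]com" is accepted and refanged for parsing only.
function classifyScriptSrc(src, trusted = TRUSTED_HOSTS, maxDistance = 2) {
  const url = src.replace(/\[\.\]/g, ".");
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return { src, verdict: "unparseable" };
  }
  if (trusted.includes(host)) return { src, host, verdict: "trusted" };
  for (const t of trusted) {
    const distance = osaDistance(host, t);
    if (distance <= maxDistance) return { src, host, verdict: "lookalike", resembles: t, distance };
  }
  return { src, host, verdict: "unknown" };
}

// Return every script source that is not on the allow list, lookalikes included.
function auditScripts(srcs, trusted = TRUSTED_HOSTS) {
  return srcs.map((s) => classifyScriptSrc(s, trusted)).filter((r) => r.verdict !== "trusted");
}
```

A threshold of 2 suits long hostnames; very short trusted hosts need a tighter one to avoid false positives.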
Out of millions of websites connected to StatCounter, the hackers targeted the cryptocurrency exchange Gate.io — because it's the only site that uses the Uniform Resource Identifier (URI) ‘https://www.gate.io/myaccount/withdraw/BTC’ to transfer Bitcoins from its own account to external addresses.
How it Worked
The code automatically replaced the Bitcoin address entered by a Gate.io user with an address belonging to the hackers.
While the administration of the exchange claims that users’ funds are out of danger, it is hard to say how many bitcoins (BTC) were actually stolen by hackers.
Most likely the victims didn’t notice anything wrong, as a new address was generated each time a visitor loaded the statconuter[.]com/c.php script and the replacement happened after they clicked the “submit” button.
“Depending on whether the victim enters an amount above 10 BTC or not, the attackers’ script will either use it or use the victim’s account’s daily withdrawal limit,” ESET researchers said.
Gate.io performs Bitcoin transactions to the tune of $1.6 million on a daily basis, which makes it a lucrative target for hackers.