Hackers Attack Crypto Exchange With Bitcoin-Stealing Malware
A group of hackers attacked the crypto exchange Gate.io by compromising its web analytics platform in order to infect users. According to reports, these actors compromised StatCounter, a well-known site based in Ireland, in an attempt to steal Bitcoin from the users of Gate.io.
The attacker was able to inject malicious code into the page's script, which used a domain that looked very much like the original one, named “StatConuter”. This new domain was harder to spot than many traps. It was the Slovakian cybersecurity firm ESET that detected the attack, and it also affirmed that the same domain had been used for a scam back in 2010.
Although a very large number of people (2 million) use StatCounter and were touched by the scam, only Gate.io users were affected. The script targeted “myaccount/withdraw/BTC” on Gate.io. It replaced the victim's address with an address belonging to the attackers, so that victims would send Bitcoin to them instead.
As reported by The Next Web’s Hard Fork, a total of 688,000 sites were affected by the malware because they used StatCounter.
ESET, which originally discovered the whole scheme, alerted the staff of Gate.io to the security breach as soon as possible, and the malware was immediately removed from StatCounter. Because the attackers' address kept changing, ESET was not able to determine how much money was lost. However, Gate.io handles a volume of $1.7 million USD worth of BTC every day, so the damage could have been large.
StatCounter is a lot like Google Analytics and is used to analyze internet traffic flow. To get the statistics for your site, you have to include StatCounter's code in your pages, and the hackers used this to get money from the users.
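Because the attack relied on a domain that differed from the real one only by two swapped letters, a site operator can audit the script sources on sensitive pages for near-matches of allowlisted hosts. The following is an added example, not code from ESET, StatCounter or Gate.io; the hostnames (under the reserved .example TLD), file paths and the distance threshold are constructed assumptions.

```javascript
// Added example: flag third-party script hosts that look like, but are not,
// an allowlisted host. All hostnames and paths below are constructed.

// Optimal-string-alignment distance: counts insert, delete, substitute and
// adjacent transposition, so "statconuter" vs "statcounter" scores 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify each script URL as "allowed", "lookalike" (close to an allowed
// host but not equal to it) or "unknown". maxDistance is a tunable assumption.
function auditScriptHosts(scriptUrls, allowedHosts, maxDistance = 2) {
  return scriptUrls.map((url) => {
    const host = new URL(url).hostname.toLowerCase();
    if (allowedHosts.includes(host)) return { url, host, verdict: "allowed" };
    const near = allowedHosts.find((ok) => osaDistance(host, ok) <= maxDistance);
    return near
      ? { url, host, verdict: "lookalike", resembles: near }
      : { url, host, verdict: "unknown" };
  });
}

// Constructed sample: script sources collected from a page under review.
const sampleScripts = [
  "https://www.statcounter.example/analytics.js",
  "https://www.statconuter.example/analytics.js",
  "https://cdn.widgets.example/app.js",
];
const allowed = ["www.statcounter.example"];
console.log(auditScriptHosts(sampleScripts, allowed));
```

A "lookalike" verdict on a page that handles withdrawals is worth blocking outright; "unknown" hosts still need review, since the check only catches near-misses of names already on the allowlist.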
Gate.io is a well-regarded company, although not a top-10 crypto exchange. At the moment, it ranks 38th among the largest crypto exchanges by trading volume. After the attack, the company also urged its users to always use two-factor authentication and two-step login protection in order to be safe from this kind of scam.