Hackers Target Gate.io to Steal Bitcoins
November 9, 2018 3:25 pm
The cryptocurrency space has been hit by hacks, cryptojacking, scams, and more. Recently, cybercriminals hacked StatCounter, one of the largest website traffic analytics platforms, and injected malicious code into more than 600,000 websites. The purpose was to gain access to Bitcoin held at the cryptocurrency exchange Gate.io.
Matthieu Faou, a malware researcher at Bratislava-based ESET, found a line of malicious code in a website traffic-tracking script provided by StatCounter.
Many websites use StatCounter for audience development, sales conversations and much more. To collect these statistics, a website includes a line of code on its pages. This has now turned into a vulnerability, leading to over 688,000 websites loading the malicious code.
Around 700,000 websites seem to be safe from any potential harm, because the malicious code specifically targets Bitcoin transactions made through the popular cryptocurrency exchange Gate.io. According to data from CoinMarketCap, Gate.io is currently ranked 40th by adjusted trading volume. The exchange has nearly $50 million in daily trading volume, making it a prime target for cybercriminals.
Matthieu Faou said that the code was first added to StatCounter’s website-tracking script on November 3. The code has been active for four days, and he has reached out to StatCounter but has yet to receive a response.
The malware tracker said:
Faou added that the malicious code specifically searches for web pages that contain the URL path “myaccount/withdraw/BTC.” The code functions like common cryptocurrency-targeting clipboard malware: it replaces the destination Bitcoin wallet address with an address owned by the cybercriminals who injected the code.
The hackers also tried to hide their tracks by using a different Bitcoin address for each new victim that falls prey to the malware. Users won’t see the change of address until it’s too late, as the malware is designed to trigger after the user clicks the submit button to transfer funds.
Gate.io announced that it had removed the StatCounter tracking script from its website.
The exchange tweeted:
For security concern, we will remove the Statcounter’s service on https://t.co/tEtOTJxaQA. https://t.co/8kWqgDWNXb has always put security the first. To maximum your assets security, we suggest that you have 2FA and two-step login protected.
— gate.io Exchange (@gate_io) November 7, 2018
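The incident comes down to a third-party analytics script running on a withdrawal page. The following Python check is an added example, not code from the article, ESET or Gate.io: it lists external scripts loaded on pages whose path matches the one the malicious code looked for. The hostnames, the sample HTML and the `audit_page` name are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Path fragments treated as sensitive (assumption; based on the path named in the article).
SENSITIVE_PATHS = ("myaccount/withdraw",)

class _ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))

def audit_page(page_url, html):
    """Return one finding per third-party script loaded on a sensitive page."""
    page = urlsplit(page_url)
    if not any(p in page.path for p in SENSITIVE_PATHS):
        return []  # page is out of scope for this check
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        # urljoin resolves relative and protocol-relative (//host/...) sources
        host = urlsplit(urljoin(page_url, src)).hostname
        if host == page.hostname:
            continue  # first-party script
        findings.append({"host": host, "src": src, "sri": bool(integrity)})
    return findings

# Constructed sample page, not Gate.io's real markup.
SAMPLE_HTML = """
<html><body>
<form action="/myaccount/withdraw/BTC" method="post"><input name="addr"></form>
<script src="/static/app.js"></script>
<script src="//analytics.example/counter.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_page("https://exchange.example/myaccount/withdraw/BTC", SAMPLE_HTML):
        print(f)
```

A finding with `sri` set to false means the page runs whatever that host serves at load time, which is the condition the StatCounter compromise relied on.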