Connect with us

News

Bit.in Exchange Gate.io tried to hack through the compromise of the web analytics service StatCounter

Published

on

Unknown hackers integrated the malicious code into the Irish web analytics service StatCounter in order to further hack the Gate.io. This was reported by experts of the ESET virus laboratory.

According to their information, the hackers modified the script of an external JavaScript file – www.statcounter.com/counter/counter.js, which is used to collect statistics on site visitors. Due to the fact that the malicious code was placed in the middle of the script, it was not immediately possible to detect the modification.

The script searches the URL for the line myaccount / withdraw / BTC, after which it adds a new code element to the web page – https: //www.statconuter.сom/c.php. The link is calculated on the inattention of users and leads to the domain registered by the attackers. ESET analysts found that the work of the false domain was already suspended in 2010 due to malicious activity.

They also found that Gate.io’s crypto-exchange was the ultimate goal of hackers, since only it uses the unified resource identifier https://www.gate.io/myaccount/withdraw/BTC to transfer Bitcoins from its own account to third-party addresses.

“The malicious script automatically replaces the user's bitcoin address with the attacker's address. Due to the fact that the scam server generates a new address every time a user loads the StatConuter script, it is difficult to determine how many bitcoins could be stolen, ” representatives of ESET told.

Currently StatCounter has been removed from Gate.io. The management of the Bitcoin exchange declared that “all the assets of its users are safe”.

According to CoinMarketCap, every day at Gate.io, traders perform bitcoin transactions worth $ 1.6 million.

Earlier, in November, hackers advertised the distribution of 10,000 bitcoins via fake Twitter accounts Ilona Mask, demanding that potential potential participants of the rally send from 0.1 to 1 BTC to the specified addresses. Damage from the actions of intruders exceeded $ 170 thousand.

Download the BlockchainJournal application for Android smartphones!

<< aside id = "unisender_subscribe_form-10" class = "widget unisender_form">

BlockchainJournal.news