Hackers Breach Gate.io And Infect Around 700,000 sites With Bitcoin-Stealing Malware
A group of hackers recently attacked Gate.io, a crypto exchange, by compromising the web analytics platform it uses in order to infect its users. According to reports, the attackers compromised StatCounter, a well-known web analytics service based in Ireland, in an attempt to steal Bitcoin from Gate.io users.
The attack consisted of injecting malicious code into the page's script, pointing to a domain that closely resembled the legitimate one. Named “StatConuter”, this lookalike domain was harder to spot than many traps. ESET, which first discovered the case, also stated that the same domain had been used for a scam back in 2010. ESET is a Slovakian cybersecurity firm that frequently uncovers this sort of attack.
As more than two million sites use StatCounter, many people were exposed to the scam, but only Gate.io users were actually affected. The script targeted the “myaccount/withdraw/BTC” page on Gate.io, replacing the victims' withdrawal address with the attackers' address so that the Bitcoin would be sent to them instead.
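One defensive check this incident suggests is comparing the hosts of every third-party script a page loads against an allowlist and flagging near-matches such as a transposed pair of letters. The following is an added example, not code from the article, Gate.io, StatCounter or ESET; the script URLs, paths and the `cdn.example.com` host are constructed for illustration.

```javascript
// Damerau-Levenshtein (optimal string alignment) distance: a transposed
// adjacent pair such as "un" -> "nu" counts as one edit, which is the typo
// class that lookalike domains exploit.
function damerauLevenshtein(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Normalise a script URL to its host, dropping a leading "www." so that
// "www.statcounter.com" and "statcounter.com" compare as the same host.
function registrableHost(url) {
  return new URL(url).hostname.toLowerCase().replace(/^www\./, '');
}

// Classify each script URL as "allowed" (exact allowlist match), "lookalike"
// (within maxEdits of an allowlisted host but not identical) or "unknown".
function classifyScriptSources(scriptUrls, allowedHosts, maxEdits = 2) {
  return scriptUrls.map((url) => {
    const host = registrableHost(url);
    if (allowedHosts.includes(host)) return { url, host, verdict: 'allowed' };
    for (const good of allowedHosts) {
      const edits = damerauLevenshtein(host, good);
      if (edits <= maxEdits) return { url, host, verdict: 'lookalike', resembles: good, edits };
    }
    return { url, host, verdict: 'unknown' };
  });
}

// Constructed sample: script tags as a crawler of a withdrawal page might
// collect them. The second entry uses the lookalike host named in the article;
// the paths are made up.
const SAMPLE_SCRIPTS = [
  'https://www.statcounter.com/counter/counter.js',
  'https://www.statconuter.com/counter/counter.js',
  'https://cdn.example.com/app.js',
];
const ALLOWED_HOSTS = ['statcounter.com', 'cdn.example.com'];
```

Running `classifyScriptSources(SAMPLE_SCRIPTS, ALLOWED_HOSTS)` marks the second URL as a lookalike of `statcounter.com` at one edit; the same check applies to `blocked-uri` values in Content-Security-Policy violation reports.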
As reported by The Next Web’s Hard Fork, a total of 688,000 sites were affected by the malware as they used StatCounter.
ESET, which originally discovered the scheme, alerted Gate.io staff about the breach as soon as possible, and the malware was promptly removed from StatCounter. Because the attackers' address kept changing, ESET was unable to determine how much money was lost. However, Gate.io handles a volume of $1.7 million USD worth of BTC every day, so the damage might have been significant.
StatCounter works much like Google Analytics and is used to analyze internet traffic. To get the statistics on your site, you have to embed StatCounter's code on your pages, and the hackers exploited this to steal money from users.
Gate.io, while not a top 10 crypto exchange, is a notable company. At the moment, it is ranked 38th among the largest crypto exchanges by trading volume. After the attack, the company also urged its users to always use two-factor authentication and two-step login protection to stay safe from this kind of scam.