Hackers Exploit Tracking Service to Infiltrate Bitcoin Exchange Gate.io
Statcounter is one of the oldest third-party user tracking services on the web, having existed since 1999. Beginning as a simple statistics and visitor counting service, Statcounter over time grew into what it is today: a full-fledged, enterprise-quality analytics service.
Faou works for ESET, a security firm on the order of MalwareBytes or Norton, which provides consumer and enterprise security products and necessarily conducts research and penetration tests. He says the compromise was designed to replace bitcoin withdrawal addresses on the Gate.io platform with addresses belonging to the attacker.
Primary Script Was Compromised, But Only Gate.io Was Targeted
The attack was more sophisticated than some previous attacks of the same nature, such as malvertising-based attacks that installed themselves in the browser and did the same thing across websites, rather than living in a piece of code on a single site. It was more sophisticated because the attackers generated a new address for each attack, making it extremely difficult to track the destination of the stolen funds.
It's thus difficult to determine exactly how many users were affected. It's also unknown how Statcounter was breached in the first place.
The malicious code specifically targeted a relevant sector of the Gate.io code – namely, its withdrawal interface – and to Faou's knowledge, the part of the script dedicated to stealing funds would not have worked on any other site because other sites are designed differently.
In response to the attack, Gate.io has removed the Statcounter script from their site.
Gate.io Says No Damages
According to a blog post by Gate.io, nothing actually happened as a result of the attack. This can only mean a couple of things.
One, the script was poorly written and failed to actually do its job.
On Nov. 6, 2018, we got the notice from ESET researchers' report and the ESET Internet Security product that there's a suspicious behavior in Statcounter's traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that ...