Statcounter is one of the oldest third-party user-tracking services on the web, having existed since 1999. Starting as a simple statistics and visitor-counting service, Statcounter has grown over time into what it is today: a full, corporate-quality analytics service.
Faou works for ESET, a security firm on the order of MalwareBytes or Norton, which provides corporate and consumer security products and, by necessity, conducts research and penetration tests. He says the compromise was designed to replace the bitcoin withdrawal addresses on the Gate.io platform with addresses belonging to the attacker.
Primary script was compromised, but only Gate.io was targeted
The attack was more sophisticated than some previous attacks of the same nature, such as malvertising attacks that were installed on websites and did the same thing, living in the browser rather than in a piece of code on a single site. It was more sophisticated because the attackers generated a new address for each attack, making it extremely difficult to track down the destination of stolen funds.
It is therefore difficult to determine exactly how many users were affected. We do not even know how the breach at Statcounter came about in the first place.
The malicious code specifically targeted one section of the Gate.io code, the withdrawal interface, and, to Faou's knowledge, the part of the script dedicated to stealing funds would not have worked on any other site, because other sites are designed differently.
In response to the attack, Gate.io removed the Statcounter script from its site.
Gate.io does not report damage
According to a blog post by Gate.io, nothing really happened after the attack. This can only mean a couple of things.
One, the script was badly written and could not really do its job.
"On November 6, 2018, we received the warning from the report of the ESET researcher and the product 'ESET Internet Security' that there is a suspicious behavior in the Statcounter traffic statistics service. We immediately scanned on Virustotal in 56 antivirus products. No one reported any suspicious behavior at the time […] However, we still removed the Statcounter service immediately. After this, we did not find any other suspicious behavior. Users' funds are safe. For maximum security, make sure you have two-factor authentication (Google OTP or SMS) and secure two-step login."
If it is true that no user transaction was compromised, then this was a limited breach. At the same time, the fact that the attackers took the trouble to compromise a major piece of web software for the sake of a single exchange demonstrates the need for constant vigilance in cryptocurrency dealings. Do you trust the tools you are using?