Home / Bitcoin / Hackers take advantage of the monitoring service to infiltrate Bitcoin Exchange Gate.io

Hackers take advantage of the monitoring service to infiltrate Bitcoin Exchange Gate.io

bitcoin encryption exchange

Statcounter is one of the oldest tracking services of third-party users on the web, having existed since 1999. Starting from a simple statistics and visitor counting service, Statcounter has grown over time into what it is today: a real own quality corporate service analysis.

Gate.io, a newer competitor in the bitcoin exchange space, used Statcounter to track user traffic until this week when a security researcher named Matthieu Faou discovered a violation in the Statcounter JavaScript file that was specifically targeted at Gate, capturing and hijacking bitcoin transactions accomplished via the Gate interface.

Faou works for ESET, an order security firm of MalwareBytes or Norton, which provides corporate and consumer security products and necessarily conducts research and penetration tests. He says the compromise was designed to replace the bitcoin withdrawal addresses on the Gate.io platform with the addresses belonging to the attacker.

Primary script was compromised, but only Gate.io was targeted

Courtesy of ZDNet

The attack was more sophisticated than some previous attacks of the same nature, such as malicious malverted attacks that were installed and did the same thing on websites, living in the browser rather than a piece of code on a single site . More sophisticated because attackers have generated a new address for each attack, making it extremely difficult to track down the destination of stolen funds.

It is therefore difficult to determine exactly the number of interested users. We do not even know how the breach ended up in the first place via Statcounter.

The malicious code specifically targeted a relevant sector of the Gate.io code, that is, the withdrawal interface, and to the knowledge of Faou, the part of the script dedicated to the theft of funds would not have worked on any other site because other sites have been designed differently.

In response to the attack, Gate.io removed the Statcounter script from its site.

Gate.io does not report damage

According to a blog post by Gate.io, nothing really happened after the attack. This can only mean a couple of things.

One, the script was badly written and could not really do its job.

Two, ESET and Faou discovered the attack before anyone did a retreat on which the JavaScript would fire.

"On November 6, 2018, we received the warning from the report of the ESET researcher and the product" ESET Internet Security "that there is a suspicious behavior in the Statcounter traffic statistics service.We immediately scanned on Virustotal in 56 antivirus products No one reported any suspicious behavior at the time [ …] However, we still removed the Statcounter service immediately. After this, we did not find any other suspicious behavior. Users' funds are safe. For maximum security, make sure you have two-factor authentication (Google OTP or SMS) and secure two-step login. "

If it is true that no user transaction has been compromised, then this was a limited lack. At the same time, the fact that the attackers took the trouble to compromise a strong piece of web software for a single exchange demonstrates the need for constant awareness in cryptocurrency reports. Do you trust the tools you are using?

Shutterstock foreground image

Get an exclusive cryptographic analysis by professional traders and investors on Hacked.com. Register now and receive the first month for free. Click here.


Source link