Crypto Exchange Gate.io Removes StatCounter Service Following Report of Security Breach

Published at: Nov. 7, 2018

Crypto exchange Gate.io has removed web analytics tool StatCounter from their website following a breach report by cybersecurity firm ESET, according to an official blog post published today, Nov. 7.

The company has reported that they immediately removed StatCounter's traffic stats service after receiving a security notice by ESET about suspicious behavior. Gate.io claimed they subsequently scanned the website with 56 antivirus products, and “no one reported any suspicious behavior at that time.” However, the firm still changed its traffic tracker, also reporting that “users’ funds are safe.”

On Nov. 6, Slovakia-based cybersecurity firm ESET published a security report claiming that hackers had successfully breached major web analytics tool StatCounter, targeting Bitcoin (BTC) exchanges that use the traffic analytic service. According to ESET researcher Matthieu Faou, the attackers compromised the StatCounter platform — which is reportedly used by more than two million other websites — by modifying the JavaScript (JS) code on each page of the website.

The hackers managed to add a piece of malicious code containing “myaccount/withdraw/BTC,” which intends to replace the destination address of a Bitcoin transfers by crypto exchange users with an address belonging to the attackers.

Modified script at www.statcounter[.]com/counter/counter.js. Source: WeLiveSecurity

According to Faou, who is reportedly the first to detect the “supply-chain attack,” this Uniform Resource Identifier (URI) “myaccount/withdraw/BTC” has been solely valid on crypto exchange Gate.io, allegedly “the main target of this attack.”

Now-ranked the 38th top crypto trading platform by daily trade volume as of press time, the exchange is quite popular in China with a rank of 9,382 in terms of in-country traffic, while its global rank amounts to 33,365, according to SimilarWeb traffic data and analytics tool.

In the conclusion to his report, the ESET researcher stated that the recent security breach again demonstrates the fact that external “JavaScript code is under the control of a third party and can be modified at any time without notice.”

As reported by Cointelegraph earlier this year, JS has been one of the major tools of hackers implemented in cryptojacking. According to the analysis, JS-based browser add-ons and extensions are “extremely vulnerable to hacking attacks” and often used for hidden mining by deploying users computing resources. For example, in mid-October, researchers found a crypto-mining malware that hides itself behind a fake Adobe Flash update.

Tags
Related Posts
Binance CEO Suggests Crypto Exchanges Are Safer Than Keeping One’s Keys
Changpeng Zhao, the co-founder and CEO of cryptocurrency exchange Binance, suggested that for most, keeping crypto assets on an exchange is safer than keeping the keys themselves. Zhao gave his comments in a tweet on Jan. 19 after famous crypto skeptic and gold bug Peter Schiff complained that he lost access to his Bitcoin (BTC). Invoking the phrase “SAFU” — a slanger term in the crypto community for “safe,” Zhao said: “Many hardcore crypto [organizations] advocate storing your own keys. But the truth is, today most people are not able to secure a key even from themselves (losing it). A …
Bitcoin / Jan. 20, 2020
Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting the losses of funds due to an exploit of the platform’s ERC-20 hot wallet. Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens. According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Monday. …
Bitcoin / Aug. 30, 2021
Hotbit crypto exchange shuts down for maintenance after attempted hack
Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday. “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads. The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange. With all normal operations currently paused during the ongoing maintenance, …
Business / April 30, 2021
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
North Korean hackers stealing NFTs using nearly 500 phishing domains
Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …
Nft / Dec. 26, 2022