Once again, criminal hackers have targeted a cryptocurrency exchange. This time, they exploited one of the most widely used website analytics tools – StatCounter. The hackers managed to insert malicious code into the main site-tracking script, exposing thousands of websites. However, the crypto exchange Gate.io appears to have been the main target of the attack, and it has since stopped using StatCounter.
Crypto Exchange Gate.io Put At Risk By Breached StatCounter
According to a report by the cybersecurity firm ESET, StatCounter suffered a security breach on November 3, 2018, allowing the hackers to gain access to numerous websites. The incident supposedly left several thousand websites vulnerable, since all of them use StatCounter. The only actual victim of this cyber attack, however, seems to be Gate.io.
As reported, the hackers modified the script at www.statcounter[.]com/counter/counter.js by inserting malicious code into it. Since they added the code in the middle of the script (contrary to what most hackers do), the change was difficult to spot.
The added piece of code essentially checked whether the URL of the current page contained the path “myaccount/withdraw/BTC”. This clearly indicated the hackers’ intention to target a cryptocurrency website. While StatCounter is used on many websites, the researchers noticed that the attack specifically targeted the crypto exchange Gate.io. As stated in their report:
“…the script targets a specific Uniform Resource Identifier (URI): myaccount/withdraw/BTC. It turns out that among the different cryptocurrency exchanges live at time of writing, only gate.io has a valid page with this URI. Thus, this exchange seems to be the main target of this attack.”
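A site that vendors a reviewed copy of a third-party script can catch this kind of mid-file insertion by diffing each newly fetched copy against the pinned one. The following is an added example, not code from ESET, StatCounter or Gate.io; both script texts, the counter.example host and the sensitive-path list are constructed assumptions, and the inserted lines are a harmless stub.

```javascript
// Pinned, reviewed copy of a third-party analytics script (constructed sample).
const PINNED = [
  "var sc_width = screen.width;",
  "var sc_referer = '' + document.referrer;",
  "function sc_send(u) { new Image().src = u; }",
  "sc_send('https://counter.example/t?w=' + sc_width);",
].join("\n");

// Newly fetched copy: two lines inserted in the middle (constructed; payload is a stub).
const FETCHED = [
  "var sc_width = screen.width;",
  "var sc_referer = '' + document.referrer;",
  "var p = '' + document.location;",
  "if (p.indexOf('myaccount/withdraw/BTC') > -1) { /* stub: payload omitted */ }",
  "function sc_send(u) { new Image().src = u; }",
  "sc_send('https://counter.example/t?w=' + sc_width);",
].join("\n");

// Paths on our own site that an analytics script has no reason to mention (assumption).
const SENSITIVE_PATHS = ["myaccount/withdraw", "myaccount/login"];

// Trim the common leading and trailing lines to isolate what changed in the middle.
function changedRegion(pinned, fetched) {
  const a = pinned.split("\n"), b = fetched.split("\n");
  let start = 0;
  while (start < a.length && start < b.length && a[start] === b[start]) start++;
  let endA = a.length, endB = b.length;
  while (endA > start && endB > start && a[endA - 1] === b[endB - 1]) { endA--; endB--; }
  return { firstLine: start + 1, removed: a.slice(start, endA), added: b.slice(start, endB) };
}

// Flag any change, and report added lines that reference our sensitive paths.
function auditScript(pinned, fetched, sensitivePaths) {
  const region = changedRegion(pinned, fetched);
  const hits = [];
  region.added.forEach((text, i) => {
    for (const path of sensitivePaths) {
      if (text.toLowerCase().includes(path.toLowerCase())) {
        hits.push({ line: region.firstLine + i, path });
      }
    }
  });
  return { modified: region.added.length + region.removed.length > 0, region, hits };
}

const report = auditScript(PINNED, FETCHED, SENSITIVE_PATHS);
console.log(JSON.stringify(report, null, 2));
```

A path match is only a hint, because inserted code can be obfuscated so that the string never appears literally; treat `modified: true` on its own as the signal to block the new copy until it has been reviewed.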
Exchange Confirms No Loss Of Funds
After receiving the report from ESET, Gate.io stopped using StatCounter. They also explained the scenario in their advisory.
“On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products.”
Following the scan, the exchange removed the StatCounter tool. Moreover, they confirmed that funds remained safe during the incident. Nonetheless, they advised the users to employ 2FA for logging in to their accounts.
StatCounter also removed the malicious code from the script. While the matter seems resolved, Gate.io has been facing a decline in its rankings since the news about the breach surfaced online. At the time the news broke, the exchange was in 39th position; it had dropped to 43rd at the time of writing this article.