Home / Crypto Currency / Hackers Exploit Tracking Service to Infiltrate Bitcoin Exchange Gate.io

Hackers Exploit Tracking Service to Infiltrate Bitcoin Exchange Gate.io

crypto bitcoin exchange hack


Statcounter is one of the oldest third-party user tracking services on the web, having existed since 1999. Beginning as a simple statistics and visitor counting service, Statcounter over time grew into what it is today: a full-fledged, enterprise-quality analytics service.

Gate.io, a more recent entrant in the bitcoin exchange space, used Statcounter to track user traffic until this week when a security researcher named Matthieu Faou discovered a breach in the Statcounter JavaScript file which was specifically targeted at Gate, capturing and hijacking bitcoin transactions made through the Gate interface.

Faou works for ESET, a security firm on the order of MalwareBytes or Norton, which provides consumer and enterprise security products and necessarily conducts research and penetration tests. He says the compromise was designed to replace bitcoin withdrawal addresses on the Gate.io platform with addresses belonging to the attacker.

Primary Script Was Compromised, But Only Gate.io Was Targeted

Courtesy of ZDNet

The attack was more sophisticated than some previous attacks of the same nature, such as malicious malvertising based attacks which installed themselves and did the same thing across websites, living in the browser rather than a piece of code on a single site. More sophisticated because the attackers generated a new address for each attack, making it extremely difficult to track the destination of the stolen funds.

It’s thus difficult to determine exactly how many users were affected. It’s also unknown how the breach went down in the first place via Statcounter.

The malicious code specifically targeted a relevant sector of the Gate.io code – namely, its withdrawal interface – and to Faou’s knowledge, the part of the script dedicated to stealing funds would not have worked on any other site because other sites are designed differently.

In response to the attack, Gate.io has removed the Statcounter script from their site.

Gate.io Says No Damages

According to a blog post by Gate.io, nothing actually happened as a result of the attack. This can only mean a couple things.

One, the script was poorly written and failed to actually do its job.

Two, ESET and Faou discovered the attack before anyone made a withdrawal on which the JavaScript would fire.

“On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time [ …] However, we still immediately removed the Statcounter’s service. After that, we didn’t find any other suspicious behaviors. The users’ funds are safe. To have the maximum security, please make sure you have two-factor authentication (Google OTP or SMS) and two-step login protected.”

If it is indeed the case that no user transactions were compromised, then this was a narrow miss. All the same, the fact that the attackers went to the trouble of compromising a stalwart piece of web software in order to get at one single exchange demonstrates the need for constant awareness in cryptocurrency dealings. Do you trust the tools you’re using?

Featured Image from Shutterstock

Follow us on Telegram or subscribe to our newsletter here.
Read more

Check Also

Bitcoin Cash Price Gets Skewed due to Exchange Trickery

A lot of confusing action is taking place where the Bitcoin Cash price is concerned. Although its actual decline in value is quite obvious for everyone to see, the real price of BCH is not necessarily what people can see on Coinmarketcap. This is primarily because numerous exchanges treat BCHABC as Bitcoin Cash already despite nothing being decided in terms of which chain will be the longest. Bitcoin Cash Value Fluctuates Heavily Depending on where traders look at, the price of Bitcoin Cash will be either close to the $400 level or down to $250-ish. That is quite a large gap between prices, yet one that is also very easy to explain. Bitcoin Cash, as people knew it before the fork, no longer exists. Most professional exchanges have also retired this price ticker, for the time being. As the hash war rages on, there are still a lot of unknown factors waiting to be addressed. Despite this ongoing kerfuffle, there is a net 5.76% decrease in the Bitcoin Cash price, and a 5.4% decline over Bitcoin. More specifically, that is what CoinMarketCap reports at this time, although this is not necessarily the case whatsoever. In fact, some exchanges are clearly jumping the gun by labeling BCHABC as BCH and thus dragging the Bitcoin Cash price down a bit more. Exchanges currently engaging in this activity include Bittrex and Coinex, neither of which plays a big role of importance when it comes to trading. However, based on the current value of BCH on Bitfinex and Gate.io, it seems a similar incident is taking place. One also has to keep in mind Bitcoin Cash was getting battered ahead of the network split as well. Most exchanges have halted trading of BCH indefinitely, primarily because the currency no longer exists. It is evident either BCHABC or BCHSV will take over that name in the future, but nothing has been decided at this point. As such, any trading referring to just “Bitcoin Cash” or “BCH” should be avoided, as most users can never be sure which currency is effectively being traded under this name. All of this skews the picture pertaining to Bitcoin Cash altogether. Coinmarketcap reports there is still $392m in trading volume for BCH, even though that is virtually impossible right now. With so many exchanges freezing deposits and withdrawals, it is evident actual BCH trading is no longer possible whatsoever. Virtually all platforms have deposits of BCHSV and BCHABC frozen as well, which only makes this market trend more confusing. It is safe to say the entire network split has been a bit of a mess first and foremost. In the case of Bitcoin Cash itself, that name will – under the current circumstances- not be used across exchanges for much longer. Instead, the two separate camps need to be treated as such first and foremost. Until things settle down – with might not necessarily happen anytime soon – the Bitcoin Cash price itself is pretty much irrelevant for most traders and speculators. Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency. The post Bitcoin Cash Price Gets Skewed due to Exchange Trickery appeared first on NullTX.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.