Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Crypto exchange Gate.io has removed the StatCounter service following an ESET security breach report saying âusersâ funds are safe.â
Crypto exchange Gate.io has removed web analytics tool StatCounter from their website following a breach report by cybersecurity firm ESET, according to an official blog post published today, Nov. 7.
The company has reported that they immediately removed StatCounter's traffic stats service after receiving a security notice by ESET about suspicious behavior. Gate.io claimed they subsequently scanned the website with 56 antivirus products, and âno one reported any suspicious behavior at that time.â However, the firm still changed its traffic tracker, also reporting that âusersâ funds are safe.â
On Nov. 6, Slovakia-based cybersecurity firm ESET published a security report claiming that hackers had successfully breached major web analytics tool StatCounter, targeting Bitcoin (BTC) exchanges that use the traffic analytic service. According to ESET researcher Matthieu Faou, the attackers compromised the StatCounter platform â which is reportedly used by more than two million other websites â by modifying the JavaScript (JS) code on each page of the website.
The hackers managed to add a piece of malicious code containing âmyaccount/withdraw/BTC,â which intends to replace the destination address of a Bitcoin transfers by crypto exchange users with an address belonging to the attackers.
Modified script at www.statcounter[.]com/counter/counter.js. Source: WeLiveSecurity
According to Faou, who is reportedly the first to detect the âsupply-chain attack,â this Uniform Resource Identifier (URI) âmyaccount/withdraw/BTCâ has been solely valid on crypto exchange Gate.io, allegedly âthe main target of this attack.â
Now-ranked the 38th top crypto trading platform by daily trade volume as of press time, the exchange is quite popular in China with a rank of 9,382 in terms of in-country traffic, while its global rank amounts to 33,365, according to SimilarWeb traffic data and analytics tool.
In the conclusion to his report, the ESET researcher stated that the recent security breach again demonstrates the fact that external âJavaScript code is under the control of a third party and can be modified at any time without notice.â
As reported by Cointelegraph earlier this year, JS has been one of the major tools of hackers implemented in cryptojacking. According to the analysis, JS-based browser add-ons and extensions are âextremely vulnerable to hacking attacksâ and often used for hidden mining by deploying users computing resources. For example, in mid-October, researchers found a crypto-mining malware that hides itself behind a fake Adobe Flash update.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.