Hackers infected 700,000 websites in a Bitcoin-stealing hack targeting one single site: Gate.io. Does that sound a little counterproductive to you? Understandable, but the full story is actually pretty logical. Read on to see for yourself.
The Complex Bitcoin-Stealing Hack of Gate.io – The Full Story
On November 6, security researcher Matthieu Faou of ESET discovered a malicious code on StatCounter. For my readers that aren’t familiar with traffic tracking, StatCounter is a website that offers traffic tracking solutions for other websites, just like Google Analytics.
Here’s where things get interesting… and complex.
So, the hackers dropped the malicious code in StatCounter’s traffic-tracking script, which is the piece of code that StatCounter’s customers put on their own sites to start gathering data on their traffic. Since the malicious code was on the traffic-tracking script, around 700,000 sites end up with the malicious code on their sites too. That being said, only one of the 700,000 sites was affected: Gate.io.
Yup, you read that right. The hackers went through all of that trouble, infected thousands and thousands of websites…to steal cryptocurrency from just one site. But, how did they manage to target Gate.io alone?
Easy. The malicious code they dropped into StatCounter only activates when a single specified path exists:
Now, the above-mentioned path is the same path used by Gate.io during a Bitcoin withdrawal. No other website has that specific string in any of their URLs. This cryptojacking code replaces the cryptocurrency address a user puts in for the withdrawal with another address that the hackers themselves have access to. To make it even more effective, the code will replace the addresses after a user hits the send button.
Now, the good news is that the ESET researcher reached out to Gate.io and informed them of the code in their traffic-tracker. Soon enough, Gate removed the script from their website. However, the original malicious code is still on StatCounter to this day.
StatCounter and Other Websites – Are They Safe to Use?
So what about StatCounter and the other 699,999+ infected sites? Are they safe to use?
Yes. The code itself is a cryptojacking code. That means that websites that don’t deal with Bitcoins at all are, for obvious reasons, safe.
The biggest problem is that no one really knows how the hackers managed to get the malicious code into StatCounter in the first place. In fact, the hackers were able to cover their tracks terrifyingly well. They used a completely different and unique Bitcoin address for every single hacked transaction. ESET has not been able to figure out who the attackers are because they don’t really have anything to trace back to them.
So, yes, while StatCounter and the other infected websites are safe to use, we have no idea how the hack happened or what to look for next. In other words, we don’t know how or when it will happen again.
The Complex Bitcoin-Stealing Hack – Final Thoughts
And there you have it, everything we know about the Bitcoin-stealing hack that specifically targeted Gate.io. We might not be able to figure out how the hackers got the script onto StatCounter or who they actually are. However, this convoluted hack does show us how important it is to start thinking outside of the box when it comes to protecting ourselves online. As for my crypto-currency using readers, Gate might have been affected but there are still many exchange sites out there that you can use. In fact, I suggest you check out our list of the best cryptocurrency exchange sites for reference. While you’re at it, check out our list of the most private cryptocurrencies too.