Gate.io exchange believed to be target of embedded attack
Updated One of the top traffic metrics websites on the internet is apparently being used by criminals to steal Bitcoins from a currency exchange.
The ESET team today said that the crooks injected malicious code within
While millions of sites may have pulled in that modified code, however, it appears that just one site was the target. ESET's eggheads say the malicious code within the StatCounter script performs a single check for a specific path: myaccount/withdraw/BTC.
"It turns out that among the different cryptocurrency exchanges live at time of writing, only gate.io has a valid page with this URI," explained ESET malware researcher Matthieu Faou.
"Thus, this exchange seems to be the main target of this attack."
Should that path be accessed by a visitor, a second script on a separate domain is fetched and executed. That script tries to redirect any Bitcoin transactions to one of several wallet addresses controlled by the masterminds of this attack.
Bitcoin backer sues AT&T for $240m over stolen cryptocurrencyREAD MORE
Because the thieves used multiple wallets to receive the hijacked funds, the researchers do not know precisely how much was stolen. They believe, however, that the loss could be significant.
Gate.io did not respond to a request for comment, and StatCounter also could not be reached. ESET says it has notified both companies of the caper.
"Even if we do not know how many Bitcoins have been stolen during this attack, it shows how far attackers go to target one specific website, in particular a cryptocurrency exchange," said Faou.
"To achieve this they compromised an analytics service’s website, used by more than two million other websites, including several government-related websites, to steal Bitcoin from customers of just one cryptocurrency exchange website." ®
Updated to add