Crypto exchange Gate.io has removed the StatCounter service following an ESET security breach report saying “users’ funds are safe.”
The company has reported that they immediately removed StatCounter’s traffic stats service after receiving a security notice by ESET about suspicious behavior. Gate.io claimed they subsequently scanned the website with 56 antivirus products, and “no one reported any suspicious behavior at that time.” However, the firm still changed its traffic tracker, also reporting that “users’ funds are safe.”
The hackers managed to add a piece of malicious code containing “myaccount/withdraw/BTC,” which intends to replace the destination address of a Bitcoin transfers by crypto exchange users with an address belonging to the attackers.
According to Faou, who is reportedly the first to detect the “supply-chain attack,” this Uniform Resource Identifier (URI) “myaccount/withdraw/BTC” has been solely valid on crypto exchange Gate.io, allegedly “the main target of this attack.”
Now-ranked the 38th top crypto trading platform by daily trade volume as of press time, the exchange is quite popular in China with a rank of 9,382 in terms of in-country traffic, while its global rank amounts to 33,365, according to SimilarWeb traffic data and analytics tool.
As reported by Cointelegraph earlier this year, JS has been one of the major tools of hackers implemented in cryptojacking. According to the analysis, JS-based browser add-ons and extensions are “extremely vulnerable to hacking attacks” and often used for hidden mining by deploying users computing resources. For example, in mid-October, researchers found a crypto-mining malware that hides itself behind a fake Adobe Flash update.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.