0
📰 News
51 views

Attacks on Exchanges and Institutions for Stealing and Illegal Mining Intensify

  • Antony Koroid
    📰 News

    Cryptocurrency hackers attacked one of the most frequently used Web traffic analysis services StatCounter to steal Bitcoins from the Gate.io exchange users

Attacks on Exchanges and Institutions for Stealing and Illegal Mining Intensify
Cover image via u.today
Contents

Cryptocurrency hackers attacked one of the most frequently used Web traffic analysis services StatCounter to steal Bitcoins from users of Gate.io, an online exchange.

Malicious script

A deliberate attack resulted in more than 688,000 websites discovered to be loading the malicious script.

StatCounter is very similar to Google Analytics. It allows analyzing Internet traffic on the websites. To get this stat, a webmaster needs to add the StatCounter code to their site. This design aspect appears to be widely used by hackers to embed and distribute their malicious code.

The attack redirected traders’ crypto transactions while Gate.io users were trying to withdraw or transfer their BTC. The code simply replaced any entered on the page BTC address with a hacker’s one.

👉MUST READ

Reddit: Bitmain’s Mining Pools Rejecting SegWit Transactions

Reddit: Bitmain’s Mining Pools Rejecting SegWit Transactions

The exploit was first discovered by the researchers of ESET, a Slovakian firm specializing in cybersecurity. They described it as a “supply-chain attack.” The attack affected almost a million websites, but the threat seems to have been localized to one specific URL domain: Gate.io, a cryptocurrency exchange with a turnover of more than $1.7 mln per day, experts from ESET noted.

The code used by hackers wouldn’t be malicious unless the link contained a specific line: “myaccount/withdraw/BTC.” According to security professionals, Gate.io is the only website using a URL having this string

Who was hurt?

A security hole appeared a few days ago, but it is still difficult to say exactly how many people were affected by this attack, as well as how much money hackers stole.

ESET notes that the script automatically generates a new Bitcoin address each time it is launched. This effectively neutralizes the ability to link BTC transactions together in a meaningful way, which frustratingly protects the attackers’ identity.

👉MUST READ

Bank of Israel Warns against Launching Digital Shekel for Now

Bank of Israel Warns against Launching Digital Shekel for Now

According to the Gate.io exchange, it intends to remove StatCounter from its website as soon as possible. The exchange also urged its users to enable 2FA and two-step login protection.

Canadian university under attack

St. Francis Xavier University in Nova Scotia, Canada, was forced to disable its campus network after it was discovered that hackers seized its computing power to surreptitiously mine crypto.

According to the administration, during the attack, no personal information was compromised. However, it caused quite a few problems on the campus.

Among others, the statement points out that the network shutdown made it impossible to use Wi-Fi and provide debit card transactions. The university says it is still recovering from the attack but expects its services to be restored and launched soon.

The attack epidemy

There were numerous crypto attacks on institutions over the past few months. Back in February, British researchers discovered tons of infected government websites mining Monero. More recently, it turned out that many hackers had also secretly seized Indian government websites for crypto mining.

According to research made by RWTH Aachen University, Monero crypto-jackers earn about $250,000 each month.

Subscribe to the official U.Today Telegram channel. Get news first!

About the author

The journalist with 10 years of experience in print and digital media. Last 2 years deeply immersed into the cryptocurrency & blockchain technology area.

👓 Recommended articles

This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy

Cookie settings