Tech 8 November 2018 Ed Drake
Hackers exploit StatCounter analytics, targeting crypto exchange Gate.io
Hackers strike again—this time with popular analytics script StatCounter, in an attack that researchers say was an attempt to target a specific cryptocurrency exchange.
Researchers at ESET documented how they uncovered the hack, and how it was structured around running functions on a specific page at Gate.io, a cryptocurrency exchange which handles over $1.6 million in BTC transactions daily.
Intriguingly, this means the attack would have compromised millions of StatCounter users as a way of attacking just one specific user, Gate.io, which was running the StatCounter analytics script.
In a blog post, ESET’s Matthieu Faou described how the BTC scammers compromised StatCounter as a way of compromising every website using its analytics package.
On the structure of the hack, Faou said it demonstrates “…how far attackers go to target one specific website, in particular a cryptocurrency exchange. To achieve this they compromised an analytics service’s website, used by more than two million other websites, including several government-related websites, to steal bitcoin from customers of just one cryptocurrency exchange website.”
StatCounter is used by over 2 million websites, and tracks traffic in the order of 10 billion visits per month—with an Alexa rank of 5000, showing the sheer scale of the security breach.
Due to a particular URL structure indicated in the malicious code, ESET researchers were able to pinpoint specifically one page on the Gate.io exchange website as the ultimate target of the attack. StatCounter has already removed the malicious script, according to the security experts, while Gate.io stopped using StatCounter analytics services to prevent further infections. As of November 6, the “incident is now resolved and both websites can be browsed safely.”
While in this case the BTC scammers were specific in their target, the wider security implications—especially for those still using BTC—are a further reminder of the inherent defects in this cryptocurrency.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.