Gate.io Crypto Exchange Hacked Through Statcounter Backdoor

Bitcoin exchange platform Gate.io withdrawal interface has been compromised. The crypto exchange uses Statcounter, a popular traffic counter service that offers enterprise-quality analytics service, to track its web presence and according to a recent report a target-specific bug has been found in the sites code. In a backdoor breach, hackers were able to penetrate Gate.io through the Statcounter code.

Matthieu Faou, a security researcher ESET, a popular cybersecurity company that provides enterprise and consumer security products, was the one to detect the exploit in the Statcounter JavaScript file. Faou detected that Gate.io’s interface was specifically targeted. The purpose of the hack was to undermine the platforms bitcoin transactional process, where the bitcoin withdrawal addresses are replaced with the cybercriminals.

The hackers inserted the code into Statcounter’s JavaScript file, with the only target being Gate.io’s withdrawal interface, leaving the rest of the site unmolested. As of now, it is undisclosed how Statcounter’s code was breached, but according to experts, it was well crafted. Fraou detailed the techniques involved in the hack, where every attack against the system generated a new bitcoin address, and basically integrated itself with the site, leaving all users as potential victims. The ESET security researcher explained that this code is specific to Gate.io and will not work with another site.

After the malicious code was detected, Gate.io subsequently removed the script from there website. While the attack had penetrated security, it had yet to commence any attacks, leaving the hackers empty-handed.