Topic: [2018-11-07] Hackers Exploit Tracking Service to Infiltrate Bitcoin Exchange (Read 138 times)

copper member
Activity: 658
Merit: 284
I wonder how many Gate.io users realise it used to be Bter.com which was 'hacked', vowed to pay back users through its earnings and then gradually lost interest in doing so and was miraculously reborn.

If I remember rightly they claimed that 'hack' was through their site's host. At least no one this time is seemingly out of pocket. I'll double down on never using them all the same.
I had a very bad experience with Gate.io because in April 2018 I deposited my ETH and I couldn't withdraw. I PMed the Gate.io admins via Telegram, and they told me I must do the KYC, up to KYC2 level, before I can withdraw. I told them I'm not interested in giving out my personal information through KYC. They replied to me: no KYC, no withdrawals. I figured out I don't have a choice; they are trying to steal from me if I don't provide my personal information. Then I did the KYC1 and KYC2 for about 6 hours before I withdrew my ETH.
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
I wonder how many Gate.io users realise it used to be Bter.com which was 'hacked', vowed to pay back users through its earnings and then gradually lost interest in doing so and was miraculously reborn.

If I remember rightly they claimed that 'hack' was through their site's host. At least no one this time is seemingly out of pocket. I'll double down on never using them all the same.
copper member
Activity: 658
Merit: 284
Hackers Exploit Tracking Service to Infiltrate Bitcoin Exchange Gate.io



Statcounter is one of the oldest third-party user tracking services on the web, having existed since 1999. Beginning as a simple statistics and visitor counting service, Statcounter over time grew into what it is today: a full-fledged, enterprise-quality analytics service.

Gate.io, a more recent entrant in the bitcoin exchange space, used Statcounter to track user traffic until this week when a security researcher named Matthieu Faou discovered a breach in the Statcounter JavaScript file which was specifically targeted at Gate, capturing and hijacking bitcoin transactions made through the Gate interface.

Faou works for ESET, a security firm on the order of Malwarebytes or Norton, which provides consumer and enterprise security products and necessarily conducts research and penetration tests. He says the compromise was designed to replace bitcoin withdrawal addresses on the Gate.io platform with addresses belonging to the attacker.

Primary Script Was Compromised, But Only Gate.io Was Targeted

The attack was more sophisticated than some previous attacks of the same nature, such as malicious malvertising-based attacks which installed themselves and did the same thing across websites, living in the browser rather than a piece of code on a single site. More sophisticated because the attackers generated a new address for each attack, making it extremely difficult to track the destination of the stolen funds.

It’s thus difficult to determine exactly how many users were affected. It’s also unknown how the breach went down in the first place via Statcounter.

The malicious code specifically targeted a relevant sector of the Gate.io code – namely, its withdrawal interface – and to Faou’s knowledge, the part of the script dedicated to stealing funds would not have worked on any other site because other sites are designed differently.

In response to the attack, Gate.io has removed the Statcounter script from their site.

Gate.io Says No Damages

According to a blog post by Gate.io, nothing actually happened as a result of the attack. This can only mean a couple things.

One, the script was poorly written and failed to actually do its job.

Two, ESET and Faou discovered the attack before anyone made a withdrawal on which the JavaScript would fire.

    “On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time [ …] However, we still immediately removed the Statcounter’s service. After that, we didn’t find any other suspicious behaviors. The users’ funds are safe. To have the maximum security, please make sure you have two-factor authentication (Google OTP or SMS) and two-step login protected.”

If it is indeed the case that no user transactions were compromised, then this was a narrow miss. All the same, the fact that the attackers went to the trouble of compromising a stalwart piece of web software in order to get at one single exchange demonstrates the need for constant awareness in cryptocurrency dealings. Do you trust the tools you’re using?


Source: https://www.ccn.com/hackers-exploit-tracking-service-to-infiltrate-bitcoin-exchange-gate-io/