
Topic: Nearly 700,000 websites are hacked in bid to steal cryptocurrency - page 2. (Read 345 times)

hero member
Activity: 1540
Merit: 759
This has absolutely nothing to do with hardware wallets/paper wallets.

This is about the point of exchange when buying/selling cryptocurrency. The security of the wallets you HODL in has nothing to do with this.
full member
Activity: 539
Merit: 100
I agree with all the above written. I would recommend everyone to buy hardware wallets or use paper.
member
Activity: 308
Merit: 13
Hacker attacks have been and will be, this should be a stimulus to strengthen the defense, and investors need to be careful. No one will take care of your money except you.
member
Activity: 126
Merit: 29
Get Maximalist or Get Wrecked
Up to 700,000 web pages were targeted in the hack

Pages aren't websites...

Per the report, though the script was loaded on many websites, there is nothing much to fear.

OK

legendary
Activity: 3668
Merit: 6382
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

Banks are also targeted by hackers and people still keep money in banks.
And the hacks don't really target wallets. An investor looks around very carefully (or pays somebody to) and sees the reality: if some minimum common sense precautions are done, the Bitcoin is safe.
So no, the hacks are not the issue. Actually during the history the number of hacks seems to decrease and also the fuss around them. The exchanges started to learn their lesson and stay more safe.
hero member
Activity: 2968
Merit: 913
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, though the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



There's no magic solution that will stop hackers once and for all. It's a constant battle between hackers and the programmers/ethical hackers. I don't really think that the big institutional investors are that concerned about crypto security. The hackers usually target smaller "victims".
legendary
Activity: 1946
Merit: 1137
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

An investor never worries about an exchange being hacked! The only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

The only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.
jr. member
Activity: 98
Merit: 2
This is one of the reasons that traditional investors and big investors are afraid to enter this market
I actually do not think so, no system whatsoever is safe from hackers.
The cryptocurrency world may be a bit more risky due to its anonymous nature, and hence no way/detail to trace a hacker...
But every financial system is plagued with its own fair share of menace, most of our traditional Fiat currencies are being counterfeited every day in millions, and being used to dupe/deceive people.

The bottom line remains one has to take preventive measures to protect him/herself from these fraudulent individuals/groups of people.
member
Activity: 210
Merit: 29
Your wallet serves as your cryptocurrency bank and for extra security you best use a hardware wallet or a order wallet

Taking your assets into a third party website contains the same risk as when you do that with fiat currencies. And the risk of loss is high in both cases.
This is a decentralized protocol and all losses or damages usually fall onto the affected individuals.
Only sustained legal pressure can force out the owners of that platform and hold them accountable.
hero member
Activity: 1540
Merit: 759
So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

Yea, I mentioned that as a side note, it's not as bad in general. For Gate.IO, it's quite bad; and the trust from crypto businesses towards StatCounter is going to fold. However, the whole 700k websites number is more or less just an arbitrary number in this case.
hero member
Activity: 1834
Merit: 759
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

I really don't think they're too concerned with hackers. They target everything anyway. There's really no solution to them except by making their activities unprofitable through protecting ourselves.

In this case, installing a script blocker on your browser (like NoScript for Firefox or ScriptSafe on Chrome) likely would have protected you. You should install one either way as they also stop stuff like malvertising.

My assumption is that Statcounter was embedded via Javascript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.
hero member
Activity: 1540
Merit: 759
So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)

This is really bad, and the only way to survive is to store Bitcoin in a hardware wallet and HODL. Even storing in exchange sites and web wallets is not safe anymore. Even legit sites might fall from DNS hacked.

This isn't really about holding bitcoin. This could have targeted a user who followed the hardware wallet / cold storage principle, but wanting to sell some Bitcoin, may have been affected by this.

On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Also, Faou's quote here:

Quote
“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

I'm not entirely sure where he's getting his information from, but realistically, the whole "code at the beginning, or at the end" is somewhat debatable. Credible and legitimate attackers would hide the code in such a way that it's not identifiable to casual observation, maybe novices would not take too much care in this. Realistically, shame on Statcounter for not building systems to watch this code & create alerts if it changes at all. This could have easily been prevented by an alert thrown off by the changing of the file not in line with their developers' modifications (checksum validation)
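
The two defensive ideas in the post above (load only audited, versioned assets, and alert when a served file no longer matches its checksum) can be sketched as follows. This is an added example, not part of the thread or any Statcounter or Gate.io code; the script bodies, the asset name `counter.js` as a manifest key, and the `cdn.example` URL are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample: the counter script as reviewed at release time.
AUDITED = b"""var sc_project = 0;
function sc_send(u) { new Image().src = u; }
sc_send('/t.php?p=' + sc_project);
"""

# Constructed sample: same file with one extra line in the middle
# (a harmless placeholder standing in for any unreviewed change).
TAMPERED = AUDITED.replace(
    b"function sc_send", b"/* unreviewed change */\nfunction sc_send", 1
)


def sri_value(body: bytes) -> str:
    """Return the digest in Subresource Integrity form: sha384-<base64>."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def check_asset(name: str, body: bytes, pinned: dict) -> dict:
    """Compare a fetched asset with the digest pinned at audit time."""
    expected = pinned.get(name)
    actual = sri_value(body)
    if expected is None:
        status = "UNPINNED"   # never audited: treat as an alert, not a pass
    elif hmac.compare_digest(expected, actual):
        status = "OK"
    else:
        status = "CHANGED"    # content differs from the audited release
    return {"asset": name, "status": status, "expected": expected, "actual": actual}


def script_tag(url: str, body: bytes) -> str:
    """Embedding side: browsers refuse the script if its digest differs."""
    return (f'<script src="{url}" integrity="{sri_value(body)}" '
            'crossorigin="anonymous"></script>')


# Manifest written when the release is audited (hypothetical asset name).
PINNED = {"counter.js": sri_value(AUDITED)}

if __name__ == "__main__":
    for body in (AUDITED, TAMPERED):
        print(check_asset("counter.js", body, PINNED)["status"])
    print(script_tag("https://cdn.example/counter.js", AUDITED))
```

The same digest serves both sides: the provider's monitor raises an alert on `CHANGED`, and a site that embeds the pinned `integrity` value has the browser reject a modified file, at the cost of having to re-pin on every legitimate release.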
newbie
Activity: 22
Merit: 0
This is really bad, and the only way to survive is to store Bitcoin in a hardware wallet and HODL. Even storing in exchange sites and web wallets is not safe anymore. Even legit sites might fall from DNS hacked.
jr. member
Activity: 70
Merit: 4
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, though the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/
