Cryptocurrency exchange Gate.io has removed StatCounter, one of the most popular web analytics tools, from its website following reports of a security breach, the company announced in a blog post on November 7, 2018.
A Supply Chain Attack on Cryptocurrency Exchange
According to a blog post on Gate.io, the company decided to stop using StatCounter for traffic stats after getting a notice about suspicious behavior in StatCounter’s traffic stats service.
Matthieu Faou, the ESET malware researcher who discovered the hack, said that this malicious code hijacks any Bitcoin transactions made through the web interface of the Gate.io cryptocurrency exchange. “We contacted [StatCounter] but they haven’t replied yet,” Faou told ZDNet in an email.
Faou said the malicious code was first added to this StatCounter script on November 3, and that none of the companies that currently load the company’s tracking script have anything to fear. The malicious code inserted into StatCounter’s site-tracking script only targets the users of cryptocurrency exchange Gate.io.
Statcounter Web Analytics Script Set to Steal Bitcoins
According to a PublicWWW search, there are over 688,000 websites that currently appear to load the company’s tracking script. However, ESET’s research pointed out that the malicious code in question looks at the page’s current URL and won’t activate unless the page link contains the “myaccount/withdraw/BTC” path.
The URL targeted by the malicious code was quickly identified as belonging to the Gate.io exchange,