X
1716 Views

Gate.io Crypto Exchange Bitcoin Withdrawal Interface Breached

Spread the love
  • 5
    Shares

A recent report has made it known that a target-specific bug has been found in the code of a popular traffic counter service— Statcounter. The target website, in this case, is a popular crypto exchange —Gate.io. Based on the report, Gate.io uses the Statcounter enterprise-quality analytics service to track its web presence. As a result of this, the attackers were able to infiltrate the less secured Statcounter codes and use it as a backdoor into the exchange.

Statcounter JavaScript File Breach

The breach in the Statcounter JavaScript file was discovered by Matthieu Faou, a security researcher. Faou works for ESET, a company dealing in the provision of enterprise and consumer security products. The company also conducts research and penetration tests. Faou discovered that the breach was specifically targeted at Gate.io’s interface. The breach was designed to hijack bitcoin transactional processes on the platform. The researcher further explained that the breach will lead to bitcoin withdrawal addresses on the exchange getting replaced by that of the attackers.

The researcher also reported that the malicious code specifically targeted the withdrawal interface of the Gate.io code and no other section of the website was affected. How the Statcounter code got compromised is still not clear but the attack has been described as a very sophisticated one.
It was reported that for each attack a new bitcoin address is been generated. This means the code is practically part of the website and not restricted to a single browser. As a result of this, all users of the platform becomes a target.
Faou made it known that the code will not work on any other type of website as the structuring was designed to match that of the exchange.

The Statcounter script has been Removed from Gate.io

Since their attention was brought to the malicious code in the Statcounter script, Gate.io has removed the script from there webpage.

Based on the report released by the exchange, no attack has been recorded. This is because the breach was discovered before anyone made a withdrawal. The report also made it known that even though the code is a sophisticated one, it has failed to do its job when tested.


You may be interested

Top Cryptocurrencies to HODL For Passive Income
Learn
1176 views
Learn
1176 views

Top Cryptocurrencies to HODL For Passive Income

Anca Faget - November 21, 2018

There are various ways in which one can generate some extra income by hodling. There are several cryptocurrencies make this…

IBM Partner with Columbia University to Advance the Adoption of Blockchain Technology
News
882 views
News
882 views

IBM Partner with Columbia University to Advance the Adoption of Blockchain Technology

Joshua Tayo - November 20, 2018

Based on a recent report, it was made known that IBM and Columbia University (CU) has formed a partnership aimed…

Israel Investment Firm— Silver Castle Launches New Crypto Funds
News
958 views
News
958 views

Israel Investment Firm— Silver Castle Launches New Crypto Funds

Joshua Tayo - November 20, 2018

Despite the incessant bear market the crypto market is experiencing so far this year, there has been an increase in…