Hackers infect 700K sites to steal crypto
Cybersecurity firm ESET has made a scary discovery. Researchers and analysts at the company have determined that a popular tool used to provide statistics on webpage traffic has been compromised to allow hackers to steal Bitcoin (BTC). In one targeted attack, more than 688,000 websites were found to be loading the malicious script.
StatCounter is a tool for web traffic analysis that is found on millions of sites. It is similar to Google Analytics and works through a special script that is added to the website's code. ESET indicates that hackers were able to manipulate the script to conduct their crypto-stealing escapades.
The code specifically targeted users of the Gate.io crypto exchange. The hackers were able to configure the code to change crypto wallet addresses on target machines. Once the target was infected, any time a user made a transaction, they ran the risk of having the crypto sent to a hacker's address, instead of the intended recipient's address.
Gate.io handles more than $1.7 million daily in crypto, according to CoinMarketCap. The company has announced that it is going to remove the StatCounter script from its site and is urging users to enable two-factor authentication for their accounts.