ESET reported a hack attack at popular service of web-analytics that could grant access to the crypto exchange platform.
As the company experts stated in the report, the main web-analytics provider Ireland's StatCounter was hacked in early November via integrated malware into pages of the service.
"Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code... This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation," said the report.
It was discovered during the research that this script was aimed at incorporating of URI "myaccount/withdraw/BTC", so it is clear that the real target of the hackers was a bitcoin trading platform. This URI was used only by Gate.io, so this platform could probably become a victim of this attack. This platform uses the URI to transfer bitcoins to third-party addresses, while the malware code may replace the target address to hackers' ones.
Besides, the attackers also used the domain very similar to StatCounter. In fact, they have changed two letters making StatConuter, and many users considered this page as the original one. As ESET commented, "this domain had already been suspended in 2010 for abuse."
As for Gate.io, ESET immediately sent a corresponding notification to the exchange. The latter deleted this analytical service and confirmed that all assets are secured.