Matthieu Faou said cybercriminals managed to get their way inside of StatCounter, a well-known website similar to Google Analytics that gives people information about visitors.
They were then able to steal cryptocurrency from the Gate.io exchange once the malicious code was embedded into the pages of its website.
Gate.io The Main Target
ESET said the Gate.io exchange seemed to be the target of the scheme even though millions of different websites could have utilized the modified code.
The security company cited data from coinmarketcap.com in their post to note how several million dollar's worth of transactions flows through the exchange each day.
According to ESET, the malicious script “tries to redirect any bitcoin transactions to one of several wallet addresses controlled by the masterminds of this attack,” if that specific path is “accessed by a visitor.”
Overall, the scheme was designed to make it virtually unnoticeable to the victims. Reporting said the exchange has stopped using StatCounter and removed its script from their website.
Questions About Number of Bitcoins Stolen
There are questions about how many bitcoins were taken in the scheme because a new bitcoin address was created each time the malicious script was forwarded to a victim.
Trying to determine losses is also complicated due to the use of multiple wallets by the attackers.
Reports explained that ESET notified StatCounter and Gate.io about the scheme.
The company said the theft was an example of how “far attackers go to target one specific website, in particular a cryptocurrency exchange,” especially since they “compromised” a well-known website to steal from just one exchange.