Cybercriminals Compromise StatCounter To Steal Bitcoin From Gate.Io Exchange

Kevin O'Brien

A staff member from IT security company ESET wrote on November 6th about company research into an attack on a cryptocurrency exchange with the use of malicious JavaScript.

Matthieu Faou said cybercriminals managed to get their way inside of StatCounter, a well-known website similar to Google Analytics that gives people information about visitors.

The attackers managed to insert a bit of malicious code into an external JavaScript tag webmasters often use from StatCounter.

They were then able to steal cryptocurrency from the Gate.io exchange once the malicious code was embedded into the pages of its website.

Gate.io The Main Target

ESET said the Gate.io exchange seemed to be the target of the scheme even though millions of different websites could have utilized the modified code.

The security company cited data from coinmarketcap.com in their post to note how several million dollar's worth of transactions flows through the exchange each day.

According to ESET, the malicious script “tries to redirect any bitcoin transactions to one of several wallet addresses controlled by the masterminds of this attack,” if that specific path is “accessed by a visitor.”

Overall, the scheme was designed to make it virtually unnoticeable to the victims. Reporting said the exchange has stopped using StatCounter and removed its script from their website.

Questions About Number of Bitcoins Stolen

There are questions about how many bitcoins were taken in the scheme because a new bitcoin address was created each time the malicious script was forwarded to a victim.

Trying to determine losses is also complicated due to the use of multiple wallets by the attackers.

Reports explained that ESET notified StatCounter and Gate.io about the scheme.

The company said the theft was an example of how “far attackers go to target one specific website, in particular a cryptocurrency exchange,” especially since they “compromised” a well-known website to steal from just one exchange.

Reporting by Zdnet noted how the situation with StatCounter is yet another example of “recent supply-chain attacks” where third party JavaScript has been loaded onto websites.

OKEx, Skew Release 10 New Trading Data Charts as Partnership Evolves

Popular cryptocurrency exchange OKEx and crypto market derivatives data aggregator Skew have unveiled plans for the second phase of their partnership, release 10 new trading data charts as it evolves.

According to a press release published by OKEx the exchanges was the first one to share data from its futures and options markets through its own dashboard on Skew. The second phase of the collaboration between both organizations will add 10 new advanced charts with “even more in-depth metrics available to them.”

The second phase of the partnership between OKEx and Skew is set to bring various new features, among them the new charts. These include charts such as the BTC futures Aggregated Open Interest, the BTC Perpetual Swap Price vs Spot, and the BTC Options Volumes & Open Interest, among others.

chart.pngSource: OKEx

The new charts come shortly after OKEx expanded its derivatives portfolio with the launch of ETH/USD options on its platform, and with the announcement of EOS/USD options. The cryptocurrency exchange has been leading when it comes to derivatives trading volumes, thanks to perpetual swaps for top cryptoassets like BTC, ETH, and others.

In its announcement, OKEx claims the diversity it offers is appealing to institutional and professional traders who can keep their pricing strategies more flexible. Its main goal, it adds, is to make products “accessible to a wider audience of retail – as well as beginner – traders.” To do this, it invests resources in its Academy.

To bolster the partnership, the cryptocurrency exchange prepared a guide to highlight and explain how to read and analyze the new charts. OKEx’s Director of Financial Markets, Lennix Lai, commented:

We hope to provide even greater transparency for users through this second phase with Skew. That also means helping traders understand how to interpret sometimes complex charts and how to use the information to execute better trades.

Lai added that the guide will help users read and interpret the charts, as they can be “daunting at first and are typically left for advanced users.” As CryptoGlobe reported, last month OKEx announced an OKChain hackathon to boost the development of decentralized applications for its blockchain.

Featured image via Pixabay.