Earlier this week, the hack of StatCounter, a web traffic analysis company, was reported. According to malware analyst Matthieu Faou (ESET), the hackers injected their code into the company's tracking script to hijack the bitcoin transactions of the exchange Gate.io (rank 39 by volume). The hackers replaced the users' transaction addresses with their own. This way, the bitcoin transactions were redirected to the hackers' wallets.
“A different Bitcoin address is used for each victim. We were not able to find the attackers’ main Bitcoin address. Thus, we were not able to pivot on the blockchain transactions and find related attacks.” Matthieu Faou – ESET
Hence the stolen amount of cryptocurrency cannot yet be estimated, so the question about the scale of the attack remains. According to Faou, Gate.io doesn’t use StatCounter anymore, so the customers should be safe now.
Earlier this year, malware researchers reported a similar attack in which the attackers used a clipboard wallet hijacker trojan. The trojan monitors clipboard activity. When it recognizes a cryptocurrency address, it replaces it with one of the attackers' own, redirecting the transaction to the hackers' wallets.
This kind of malicious activity is not limited to cryptocurrencies. In Brazil, hackers hijacked the entire online operation of a bank. The attack meant that, from the hackers' view,
“you become the bank. Everything belongs to you now.” Dmitry Bestuzhev – Kaspersky Lab
In addition to phishing millions of user datasets, the hackers also redirected ATM and point-of-sale transactions to infrastructure they controlled.
How to protect yourself
There is no real way of protecting yourself against the exchange you use, or some other kind of infrastructure, being hacked. Obviously, you expect larger operations to put more money and manpower into security than the shady exchange in the depths of the darknet. But there is no guarantee against your transactions being redirected. If you plan to wire larger amounts of value, consider trying out a tiny transaction first to see if it arrives. But testing and using trusted infrastructure with a security focus is pretty much all you can do. There is no warranty against being hacked, especially if it’s not your infrastructure.
This article was written by the Hochfrequenz-Tulpentradingbot