Hackers Find Loophole For Attack On Gate.io Crypto Exchange
Intruders, who managed to hack a well-known analytical website, could attack the Gate.io trading platform, the press service of the ESET company, which operates in the cyber security sphere, reports.
Hackers who introduced a malicious program and registered a domain that at first glance was difficult to distinguish from the real one as scammers inverted two letters in its name, attacked Irish website StatCounter, which is a tool for analyzing web traffic and an analogue of Google Analytics. ESET also provided information that the work of this domain has already been interrupted due to its harmfulness.
StatCounter has over two million participating websites and monitors monthly views of billions of pages, it holds the 5072nd position in the Alexa rating.
Numerous websites mistook the fake account for the original one, but most likely, the scammers were interested in Gate.io crypto exchange. ESET specialists report that the purpose of the virus program was the identifier (URI) myaccount/withdraw/BTC. Only Gate.io has a working page with a similar identifier, so it was concluded that an attempt was made to hack the exchange.
The Gate.io platform uses this URI to send bitcoins from its account to other addresses, and the virus file automatically changes the recipient’s account to the hacker’s one. Besides, the server creates a new account every time a client opens a fake domain.
ESET specialists reported a threat to Gate.io, and the exchange immediately removed the StatCounter service from its website, securing customers’ funds.
As previously reported, Gate.io opened trading in the Decred cryptocurrency.