Cryptocurrency exchanges are often considered to be the lifeblood of this industry. They offer liquidity, convenience, and expose millions of people to different digital assets. Unfortunately, these platforms are also susceptible to different types of hacks and manipulation. It appears Gate.io has some concerns to address in this department.
The Potential Gate.io Exchange Problem
Researchers at ESET are closely monitoring developments in the world of cryptocurrencies. That is only normal, as this industry has attracted a lot of malicious actors in the past. More specifically, the number of exchanges being hacked and funds being stolen has increased significantly in recent years. Avoiding any future issues is of the utmost importance as time progresses.
The research in question primarily focuses on the Gate.io exchange at this time. A rather worrisome development involving the StatCounter website can have widespread consequences for this particular exchange. StatCounter is a major analytics platform which is used by a lot of website owners around the world. Having an alternative to Google Analytics is always a good thing, primarily because Google already collects enough data as it is.
For some unknown reason, there has been a security breach involving StatCounter. More specifically, their main website counter script has been modified by a third party to add extra code. While that may not sound that serious at first, the code in question targets cryptocurrency exchanges specifically. The only platform susceptible to this attack is Gate.io, although they will be addressing this problem rather quickly.
What makes this piece of code so problematic is how it targets a Uniform Resource Identifier (URI). In this case, it seeks out the “domain/myaccount/withdraw/BTC” segment. Gate is the only crypto exchange with such a URL structure, which can make them susceptible to unauthorized account withdrawals in the future. It is something that can be prevented with relative ease, although it will be up to Gate to take the appropriate action.
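A site owner can check for this exposure by auditing which third-party scripts load on funds-moving pages. The following is an added example, not code from ESET, StatCounter or Gate.io; the host names, the sample markup and the audit_page helper are hypothetical, and only the "/myaccount/withdraw" path fragment comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Path fragment quoted in the article; pages under it move funds.
SENSITIVE_FRAGMENT = "/myaccount/withdraw"

# Constructed sample page (hypothetical hosts), not markup from the real site.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.example/counter.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED"
        crossorigin="anonymous"></script>
</head></html>
"""


class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def audit_page(page_url, html, first_party_host):
    """Return one finding per third-party script loaded on a sensitive page."""
    page = urlparse(page_url)
    if SENSITIVE_FRAGMENT not in page.path.lower():
        return []  # not a funds-moving page; out of scope for this check
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src, scheme=page.scheme).hostname
        # Relative URLs have no host and are served by the site itself.
        if host is None or host == first_party_host \
                or host.endswith("." + first_party_host):
            continue
        # "pinned" means a Subresource Integrity hash is present on the tag.
        findings.append({"src": src, "host": host, "pinned": bool(integrity)})
    return findings


if __name__ == "__main__":
    url = "https://exchange.example/myaccount/withdraw/BTC"
    for finding in audit_page(url, SAMPLE_HTML, "exchange.example"):
        print(finding)
```

Any finding with "pinned" set to False is a script whose operator, or anyone who compromises that operator, can change what runs on the withdrawal page.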
Assuming this script is successful in performing withdrawals, it seems there is a good chance bitcoins will be stolen in quick succession. One potential withdrawal address has already been identified, although it has not obtained any funds at this time. That in itself is somewhat reassuring, although that doesn’t mean the exchange and its users are out of the woods just yet.
This particular find is another sign of why cryptocurrency exchanges remain a key weak point in this industry. Their centralized nature makes it very easy for attackers to exploit weaknesses as they see fit, and this most recent example shows it doesn’t take much to make good money in quick succession. This attack is primarily targeted at one exchange in particular, but that doesn’t mean it can’t be amended to affect other platforms moving forward.
UPDATE: The Gate.io team has confirmed they are no longer using the StatCounter script in question. All users should be safe from harm, although keeping a close eye on one’s account is still warranted.