Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Snowflower11 on November 09, 2018, 03:13:12 AM



Title: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Snowflower11 on November 09, 2018, 03:13:12 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: cryptoanalyze on November 09, 2018, 05:13:08 AM
This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Initscri on November 09, 2018, 05:37:46 AM
So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via JavaScript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)

This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.

This isn't really about holding bitcoin. This could have targeted a user who followed the hardware wallet / cold storage principle, but wanting to sell some Bitcoin, may have been affected by this.

On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Also, Faou's quote here:

Quote
“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

I'm not entirely sure where he's getting his information from, but realistically, the whole "code at the beginning, or at the end" is somewhat debatable. Credible and legitimate attackers would hide the code in such a way that it's not identifiable to casual observation; maybe novices would not take too much care in this. Realistically, shame on Statcounter for not building systems to watch this code & create alerts if it changes at all. This could have easily been prevented by an alert thrown off by the changing of the file not in line with their developers' modifications (checksum validation).


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: jseverson on November 09, 2018, 05:55:45 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

I really don't think they're too concerned with hackers. They target everything anyway. There's really no solution to them except by making their activities unprofitable through protecting ourselves.

In this case, installing a script blocker on your browser (like NoScript for Firefox or ScriptSafe on Chrome) likely would have protected you. You should install one either way as they also stop stuff like malvertising.

My assumption is that Statcounter was embedded via JavaScript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Initscri on November 09, 2018, 05:57:38 AM
So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via JavaScript onto Gate.IO's website. As Statcounter was exploited, so was Gate.IO's website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even affect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

Yea, I mentioned that as a side note, it's not as bad in general. For Gate.IO, it's quite bad; and the trust from crypto businesses towards StatCounter is going to fold. However, the whole 700k websites number is more or less just an arbitrary number in this case.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: HODL2090 on November 09, 2018, 06:13:31 AM
Your wallet serves as your cryptocurrency bank and for extra security you best use a hardware wallet or a order wallet

Taking your assets into a third party website contains the same risk as when you do that with fiat currencies.. And the risk of loss is high in both cases.
This is a decentralized protocol and all losses or damages usually fall onto the affected individuals.
Only sustained legal pressure can force out the owners of that platform and hold them accountable.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Infinixhot1996 on November 09, 2018, 06:20:52 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market
I actually do not think so, no system whatsoever is safe from hackers..
The cryptocurrency world may be a bit more risky due to its anonymous nature, and hence no way/detail to trace a hacker...
But every financial system is plagued with its own fair share of menace, most of our traditional Fiat currencies are being counterfeited every day in millions, and being used to dupe/deceive people..

The bottom line remains one has to take preventive measures to protect him/herself from this fraudulent individuals/group of people


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Herbert2020 on November 09, 2018, 06:54:05 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: davis196 on November 09, 2018, 06:59:10 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



There's no magic solution that will stop hackers once and for all. It's a constant battle between hackers and the programmers/ethical hackers. I don't really think that the big institutional investors are that concerned about crypto security. The hackers usually target smaller "victims".


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: NeuroticFish on November 09, 2018, 07:06:12 AM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

Banks are also targeted by hackers and people still keep money in banks.
And the hacks don't really target wallets. An investor looks around very carefully (or pays somebody to) and see the reality: if some minimum common sense precautions are done, the Bitcoin is safe.
So no, the hacks are not the issue. Actually during the history the number of hacks seems to decrease and also the fuzz around them. The exchanges started to learn their lesson and stay more safe.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: BuyBuyBitcoin on November 09, 2018, 08:23:55 AM
Up to 700,000 web pages were targeted in the hack

Pages aren't websites...

Per the report, through the script was loaded on many websites, there is nothing much to fear.

OK



Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Zalaster on November 09, 2018, 08:50:35 AM
Hacker attacks have been and will be, this should be a stimulus to strengthen the defense, and investors need to be careful. No one will take care of your money except you.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: beliomir on November 09, 2018, 09:01:23 AM
I agree with all the above written. I would recommend everyone to buy hardware wallets or use paper.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Initscri on November 09, 2018, 07:32:12 PM
This has absolutely nothing to do with hardware wallets/paper wallets.

This is about the point of exchange when buying/selling cryptocurrency. The security of the wallets you HODL in has nothing to do with this.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Reid on November 09, 2018, 07:48:46 PM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.

Yeah that is what I am thinking. Investors will invest and will never trade it back. If they are targeting crypto currencies then they are safe for that moment since they will be in USD for buying it.
Now, once they bought it, they can easily get out and leave it in a hard wallet for a long time. I do think that is what an investor really means.

Getting caught in a hack by staying your crypto currencies in an exchange is not the best way to store it. Investors do store not trade it back after a few hours.

Plus that could just be connected websites with one attack, they are really targeting one website after all.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: franky1 on November 09, 2018, 10:38:09 PM
usually when reading this stuff... later comes how the then unknown exchange promotes that they have insured customers funds and that customers wont leave at a loss...

i find many exchanges ABUSE the "we been hacked" narrative just to get publicity. and then try to make a comeback saying they are now the most secure exchange due to it. and then they just ride the gravy train of free press
(in reality they had little to no customers and so saying a hack occurred costs them nothing)

never heard of the exchange mentioned so id be more inclined to say that its a new exchange looking for some free press
(whois reveals yep only a few months old.. not even a year)
(analytics reveals under 2k unique visits......... compare that to coinbase of over 700k)


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: bellamente on November 09, 2018, 10:49:41 PM
It is very important that cryptocurrency exchanges give users complete security of funds storage.

News about hacking cryptocurrency exchanges greatly affects the rate of cryptocurrency


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Marbelli on November 09, 2018, 11:11:51 PM
news about the hacks always upset me because I do not want to wake up one day and understand that my account was hacked and my money was taken


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: metalglowd on November 09, 2018, 11:12:36 PM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



this time hacking is more focused on getting assets in the form of bitcoin or other coins, if this continues, what happens is that the price of the hacked coin can fall due to the amount of instant sell or sell orders even in separate markets


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: BQ on November 10, 2018, 02:40:23 AM
is there an agenda in the article to make people scared of crypto?
crypto gets so much negative attention about things that are already happening for fiat!
paypal accounts are hacked, various website accounts are hacked and sold, email addresses etc, naturally people will try to steal crypto just as the same people would try to steal bank accounts.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: pooya87 on November 10, 2018, 03:00:40 AM
meh, this is one of the many bullshits that this site publishes and the owners keep on advertising their links on this forum. it basically talking about those malicious JavaScript scripts that can be run on some web pages that can do malicious stuff on a computer of the person that visits them. 700k is also probably an imaginary number by the author and also it is talking about web pages not web sites! so that is weird enough.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Initscri on November 11, 2018, 10:19:10 AM
meh, this is one of the many bullshits that this site publishes and the owners keep on advertising their links on this forum. it basically talking about those malicious JavaScript scripts that can be run on some web pages that can do malicious stuff on a computer of the person that visits them. 700k is also probably an imaginary number by the author and also it is talking about web pages not web sites! so that is weird enough.

TBH, I wouldn't be surprised if he just googled the amount of websites using StatCounter.

There's another article here: https://www.newsbtc.com/2018/11/07/hackers-infiltrate-600k-websites-through-statcounter-in-search-of-bitcoin/

Not entirely sure where this 700,000 number is coming from.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: jseverson on November 11, 2018, 10:56:54 AM
TBH, I wouldn't be surprised if he just googled the amount of websites using StatCounter.

There's another article here: https://www.newsbtc.com/2018/11/07/hackers-infiltrate-600k-websites-through-statcounter-in-search-of-bitcoin/

Not entirely sure where this 700,000 number is coming from.

Here you go:

According to a PublicWWW search, there are over 688,000 websites that currently appear to load the company's tracking script.

The malicious part of the script is also shown in the article. There were also no (reportedly) lost funds, apparently.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: bitfocus on November 11, 2018, 12:29:42 PM
that is the reason no one should keep all his/her coins in exchanges and on-line wallets. Paper wallet and hardware wallets are safe.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Muzika on November 11, 2018, 01:46:36 PM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



if it will be the issue then it will affect the market on both side, the positive way those hackers can control the market but when they want to crash the market then the price will drop and the worst thing those investors will turn their back on cryptocurrency.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Miklight88 on November 11, 2018, 01:46:53 PM
I still kind of surprised that someone can only think of destroying what others has build instead of using that precious time to build some thing reasonable too to make the world a better place, but have decide to go other way and they can even get rich more than what they expect if only they do the right thing and go in a right part.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: bots1 on November 11, 2018, 02:06:01 PM
Many sites experience piracy that is true but not all piracy is doing harmful hacking. The 700K website is fake, even when there are rumors of an exchange being hacked, it makes bitcoin down. This idea is bad but actually, there are even news orders that aim for free advertising. If indeed you are afraid of your wallet being hacked, make your assets into a paper wallet.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: dr_chen on November 11, 2018, 03:56:19 PM
Since all losses fall onto the affected individuals, people must take any measure to make their wallets inaccessible by hackers. Before this kind of concerns will be solved many people would not consider to enter the crypto market. I think, it is very important that cryptocurrency exchanges must give users complete security of funds storage.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: richan on November 11, 2018, 04:13:32 PM
I doubt such a huge number of website can be hacked in just to steal cryptocurrency. Any security website won't ever put cryptocurrency or access to its assets online but will keep it on hard wallet or cold storage which will make it impossible to take it assets away if even hackers succeed in breaking into a website.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: drumamat on November 11, 2018, 04:27:24 PM
Unfortunately, it is a pity that people are faced with the activities of hackers and still have not come up with ways that can 100% protect users from identity theft and funds stored in crypto-wallets. Regarding your post, you have not quite correctly displayed the news. Because literally on the site it is written like this: "Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script." https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/ I.e. not hacked but were aimed at hacking.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: QuestionAuthority on November 11, 2018, 04:47:52 PM
Bitcoin itself is a protocol that is virtually impervious to hacking because if harmed the items hackers want to steal become worthless.

Bitcoin wallets are just public domain application software. The source code is readily available. Exploits against bitcoin wallets are so easily preventable that no one should ever become a victim. The problem is created when lazy people want convenience and sacrifice security to get it.

The problem with altturds (cryptocurrencies other than bitcoin) is they are created by sharks whose self interest eliminates the ability to trust the coin. Roger Ver doesn’t adore BCH because he loves bitcoin. He wants to be king of the hill again. Does anyone believe J.P Morgan Chase, Microsoft and Intel invested in Ethereum for altruistic reasons? No, they want to be at the front of the line when it’s time to fleece the sheep. I hope they get hacked to death. Do you really feel safe using crime coins like Monero? If there was ever a coin waiting for government attack it’s Monero. Most altturds are just so stupid it’s hard to believe they really exist. Mooncoin? Seriously? One coin for each millimeter of distance from the earth to the moon? If you put real money in altturds Darwin is going to catch up with you eventually and ensure you stay on the bottom of the food chain.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: malikusama on November 11, 2018, 05:29:51 PM
This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.


Yeah may be majority of big investors are afraid to enter but not all of them, check the market cap of cryptos it is now around $211,087,421,197, that means still we have big investors in the market.
Scammers and hackers are always there even in the traditional market, even in online banking there involves huge risk, in fact cryptos are more secure in every aspect than online banking if user is fully aware of it.


Title: Re: Nearly 700,000 websites are hacked in bid to steal cryptocurrency
Post by: Initscri on November 12, 2018, 08:59:17 AM
TBH, I wouldn't be surprised if he just googled the amount of websites using StatCounter.

There's another article here: https://www.newsbtc.com/2018/11/07/hackers-infiltrate-600k-websites-through-statcounter-in-search-of-bitcoin/

Not entirely sure where this 700,000 number is coming from.

Here you go:

According to a PublicWWW search, there are over 688,000 websites that currently appear to load the company's tracking script.

The malicious part of the script is also shown in the article. There were also no (reportedly) lost funds, apparently.

Ahh ok, that makes more sense. Because I was comparing the numbers to BuiltWith and other sites, and they weren't matching up.

That's Web pages, not websites. * IE: The 700,000 quote is including multiple pages on 1 website. So that quote is wayyyyy off.

https://www.wappalyzer.com/technologies/statcounter
Wappalyzer is reporting around 60,000~

On a side note, the amount of users on this thread dumping "shouldn't have been using online wallets" spam is astounding; even though it's completely irrelevant.