Bitcoin Forum
November 11, 2024, 12:16:19 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Nearly 700,000 websites are hacked in bid to steal cryptocurrency  (Read 351 times)
Snowflower11 (OP)
Jr. Member
*
Offline Offline

Activity: 70
Merit: 4


View Profile
November 09, 2018, 03:13:12 AM
 #1

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/

cryptoanalyze
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
November 09, 2018, 05:13:08 AM
 #2

This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.
Initscri
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 759


View Profile WWW
November 09, 2018, 05:37:46 AM
Last edit: November 09, 2018, 05:49:09 AM by Initscri
 #3

So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)

This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.

This isn't really about holding bitcoin. This could have targeted a user who followed the hardware wallet / cold storage principle, but wanting to sell some Bitcoin, may have been affected by this.

On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Also, Fauo's quote here:

Quote
“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

I'm not entirely sure where he's getting his information from, but realistically, the whole "code at the beginning, or at the end" is somewhat debatable. Credible and legitimate attackers would hide the code in such a way that's it's not identifiable to casual observation, maybe novices would not take too much care in this. Realistically, shame on Statcounter for not building systems to watch this code & create alerts if it changes at all. This could have easily been prevented by an alert thrown off by the changing of the file not inline with their developers modifications (checksum validation)

----------------------------------
Web Developer. PM for details.
----------------------------------
jseverson
Hero Member
*****
Offline Offline

Activity: 1834
Merit: 759


View Profile
November 09, 2018, 05:55:45 AM
 #4

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

I really don't think they're too concerned with hackers. They target everything anyway. There's really no solution to them except by making their activities unprofitable through protecting ourselves.

In this case, installing a script blocker on your browser (like NoScript for Firefox or ScriptSafe on Chrome) likely would have protected you. You should install one either way as they also stop stuff like malvertising.

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

Initscri
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 759


View Profile WWW
November 09, 2018, 05:57:38 AM
 #5

So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

Yea, I mentioned that as a side note, it's not as bad in general. For Gate.IO, it's quite bad; and the trust from crypto businesses towards StatCounter is going to fold. However, the whole 700k websites number is more or less just an arbitrary number in this case.

----------------------------------
Web Developer. PM for details.
----------------------------------
HODL2090
Member
**
Offline Offline

Activity: 210
Merit: 29


View Profile
November 09, 2018, 06:13:31 AM
 #6

Your wallet serves as your cryptocurrency bank and for extra security you best use a hardware wallet or a order wallet

Taking your assets into a third party website contains the same risk as when you do that with fiat currencies.. And the risk of loss is high in both cases.
This is a decentralized protocol and all losses or damages usually fall onto the affected individuals.
Only sustained legal pressure can force out the owners of that platform and hold them accountable.
Infinixhot1996
Jr. Member
*
Offline Offline

Activity: 98
Merit: 2


View Profile
November 09, 2018, 06:20:52 AM
 #7

This is one of the reasons that traditional investors and big investors are afraid to enter this market
I actually do not think so, no system whatsoever is safe from hackers..
The cryptocurrency world may be a bit more risky die to its anonymous nature, and hence no way/detail to trace a hacker...
But every financial system is plagued with its own fair share of menace, most of our traditional Fiat currencies are being counterfeited every day in millions,and being used to dupe/deceive people..

The bottom line remains one has to take preventive measures to protect him/herself from this fraudulent individuals/group of people
Herbert2020
Legendary
*
Offline Offline

Activity: 1946
Merit: 1137


View Profile
November 09, 2018, 06:54:05 AM
 #8

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.

Weak hands have been complaining about missing out ever since bitcoin was $1 and never buy the dip.
Whales are those who keep buying the dip.
davis196
Hero Member
*****
Offline Offline

Activity: 3150
Merit: 937



View Profile
November 09, 2018, 06:59:10 AM
 #9

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



There's no magic solution that will stop hackers once and for all.It's a constant battle between hackers and the programmers/ethical hackers.I don't really think that the big institutional investors are that conserned about crypto security.The hackers usually target smaller "victims".

NeuroticFish
Legendary
*
Offline Offline

Activity: 3850
Merit: 6585


Looking for campaign manager? Contact icopress!


View Profile
November 09, 2018, 07:06:12 AM
 #10

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

Banks are also targeted by hackers and people still keeps money in banks.
And the hacks don't really target wallets. An investor looks around very carefully (or pays somebody to) and see the reality: if some minimum common sense precautions are done, the Bitcoin is safe.
So no, the hacks are not the issue. Actually during the history the number of hacks seems to decrease and also the fuzz around them. The exchanges started to learn their lesson and stay more safe.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
BuyBuyBitcoin
Member
**
Offline Offline

Activity: 126
Merit: 29

Get Maximalist or Get Wrecked


View Profile WWW
November 09, 2018, 08:23:55 AM
 #11

Up to 700,000 web pages were targeted in the hack

Pages arent websites...

Per the report, through the script was loaded on many websites, there is nothing much to fear.

OK


Avoiding ICO's and Shitcoins | Finding where people can Buy Bitcoin Around the World.
Zalaster
Member
**
Offline Offline

Activity: 308
Merit: 13


View Profile WWW
November 09, 2018, 08:50:35 AM
 #12

Hacker attacks have been and will be, this should be a stimulus to strengthen the defense, and investors need to be careful. No one will take care of your money except you.
beliomir
Full Member
***
Offline Offline

Activity: 539
Merit: 100



View Profile
November 09, 2018, 09:01:23 AM
 #13

I agree with all the above written. I would recommend everyone to buy hardware wallets or use paper.

                               Whitepaper     E M R X Token   :   LEARN MORE   
      E M I R E X         ─── إمركس ───          :         The Infrastructure for the
  [ telegram    facebook    TWITTER ]         New Digital Economy
Initscri
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 759


View Profile WWW
November 09, 2018, 07:32:12 PM
 #14

This has absolutely nothing to do with hardware wallets/paper wallets.

This is about the point of exchange when buying/selling cryptocurrency. The security of the wallets you HODL in has nothing to do with this.

----------------------------------
Web Developer. PM for details.
----------------------------------
Reid
Hero Member
*****
Offline Offline

Activity: 3052
Merit: 651


View Profile
November 09, 2018, 07:48:46 PM
 #15

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.

Yeah that is what I am thinking. Investors will invest and will never trade it back. If they are targeting crypto currencies then they are safe for that moment since they will be in USD for buying it.
Now, once they bought it, they can easily get out and leave it in a hard wallet for a long time. I do think that is what an investor really means.

Getting caught in a hack by staying your crypto currencies in an exchange is not the best way to store it. Investors do store not trade it back after a few hours.

Plus that could just be connected websites with one attack, they are really targeting one website after all.
franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4761



View Profile
November 09, 2018, 10:38:09 PM
 #16

usually when reading this stuff... later comes how the then unknown exchange promotes that they have insured customers funds and that customers wont leave at a loss...

i find many exchanges ABUSE the "we been hacked" narrative just to get publicity. and then try to make a comeback saying they are now the most secure exchange due to it. and then they just ride the gravy train of free press
(in reality they had little to no customers and so saying a hack occured costs them nothing)

never heard of the exchange mentioned so id be more inclined to say that its a new exchange looking for some free press
(whois reveals yep only a few months old.. not even a year)
(analytics reveals under 2k unique visits......... compare that to coinbase of over 700k)

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
bellamente
Member
**
Offline Offline

Activity: 420
Merit: 10


View Profile WWW
November 09, 2018, 10:49:41 PM
 #17

It is very important that cryptocurrency exchanges give users complete security of funds storage.

News about hacking cryptocurrency exchanges greatly affects the rate of cryptocurrency

Marbelli
Jr. Member
*
Offline Offline

Activity: 182
Merit: 1

EndChain - Complete Logistical Solution


View Profile
November 09, 2018, 11:11:51 PM
 #18

news about the hacks always upset me because I do not want to wake up one day and understand that my account was hacked and my money was taken

EndChain - Complete logistical solution for all markets and supply chains
ICO Start: Dec 1, 2018 (https://endchain.io/)
metalglowd
Member
**
Offline Offline

Activity: 546
Merit: 10

💲 EMIREX EXCHANGE 💲


View Profile WWW
November 09, 2018, 11:12:36 PM
 #19

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/



this time hacking is more focused on getting assets in the form of bitcoin or other coins, if this continues, what happens is that the price of the hacked coin can fall due to the amount of instant sell or sell orders even in separate markets

                             ❱  Whitepaper  ❱   E M R X ─ Token ─   :   LEARN MORE   
      E M I R E X         ─── إمركس ───          :         The Infrastructure for the
[ ◾ telegram   ◾ facebook   ◾ TWITTER ]   New Digital Economy
BQ
Member
**
Offline Offline

Activity: 616
Merit: 53

CoinMetro - the future of exchanges


View Profile
November 10, 2018, 02:40:23 AM
 #20

is there an agenda in the article to make people scared of crypto?
crypto gets so much negative attention about things that are already happening for fiat!
paypal accounts are hacked, various website accounts are hacked and sold, email adresses etc, naturally people will try to steal crypto just as the same people would try to steal bank accounts.

5 EUR free crypto on signup! XCM exchange token ⚜⚜⚜  CoinMetro - Copy Trading - Margin - 0% maker fee  ⚜⚜⚜ - generate €500 volume in July for a chance to win €100!
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!