Nearly 700,000 websites are hacked in bid to steal cryptocurrency

[Snowflower11]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/

[1714655881]

1714655881

[cryptoanalyze]

This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.

[Initscri]

So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)

This is really bad, and the only way to survive is to store Bitcoin in hardware wallet and HODL. Even storing in exchange sites and web wallets are not safe anymore. Even legit sites might fall from DNS hacked.

This isn't really about holding bitcoin. This could have targeted a user who followed the hardware wallet / cold storage principle, but wanting to sell some Bitcoin, may have been affected by this.

On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Also, Fauo's quote here:

“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

I'm not entirely sure where he's getting his information from, but realistically, the whole "code at the beginning, or at the end" is somewhat debatable. Credible and legitimate attackers would hide the code in such a way that's it's not identifiable to casual observation, maybe novices would not take too much care in this. Realistically, shame on Statcounter for not building systems to watch this code & create alerts if it changes at all. This could have easily been prevented by an alert thrown off by the changing of the file not inline with their developers modifications (checksum validation)

[jseverson]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

I really don't think they're too concerned with hackers. They target everything anyway. There's really no solution to them except by making their activities unprofitable through protecting ourselves.

In this case, installing a script blocker on your browser (like NoScript for Firefox or ScriptSafe on Chrome) likely would have protected you. You should install one either way as they also stop stuff like malvertising.

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

[Initscri]

So essentially a lesson to Bitcoin related businesses: Watch your 3rd party dependencies, and load only versioned assets which have to be audited before releases. Don't ever embed something from a remote website that will be updated unless it's a 100% known and trusted source (and even then, know that you're at the will of their security)

My assumption is that Statcounter was embedded via Javascript onto Gate.IOs website. As statcounter was exploited, so was Gate.IOs website (script probably just watched for access to withdrawal page and then attempted to act as the client)
On a side note: The whole 700,000 websites hacked claim is somewhat disingenuous though. Yes, technically, 700,000 websites were "exploited", but the exploit was only targeted at 1 website, and probably didn't even effect any of the other websites at all (although further analysis would probably be required). Hacked somewhat insinuates data losses / exploitation at all websites, which obviously isn't exactly true.

Yeah, it just means 700k websites loaded the script. The malicious part doesn't kick in unless it's loaded on gate.io. This isn't as bad as it's being painted to be.

Yea, I mentioned that as a side note, it's not as bad in general. For Gate.IO, it's quite bad; and the trust from crypto businesses towards StatCounter is going to fold. However, the whole 700k websites number is more or less just an arbitrary number in this case.

[HODL2090]

Your wallet serves as your cryptocurrency bank and for extra security you best use a hardware wallet or a order wallet

Taking your assets into a third party website contains the same risk as when you do that with fiat currencies.. And the risk of loss is high in both cases.
This is a decentralized protocol and all losses or damages usually fall onto the affected individuals.
Only sustained legal pressure can force out the owners of that platform and hold them accountable.

[Infinixhot1996]

This is one of the reasons that traditional investors and big investors are afraid to enter this market

I actually do not think so, no system whatsoever is safe from hackers..
The cryptocurrency world may be a bit more risky die to its anonymous nature, and hence no way/detail to trace a hacker...
But every financial system is plagued with its own fair share of menace, most of our traditional Fiat currencies are being counterfeited every day in millions,and being used to dupe/deceive people..

The bottom line remains one has to take preventive measures to protect him/herself from this fraudulent individuals/group of people

[Herbert2020]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.

[davis196]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/

There's no magic solution that will stop hackers once and for all.It's a constant battle between hackers and the programmers/ethical hackers.I don't really think that the big institutional investors are that conserned about crypto security.The hackers usually target smaller "victims".

[NeuroticFish]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

Banks are also targeted by hackers and people still keeps money in banks.
And the hacks don't really target wallets. An investor looks around very carefully (or pays somebody to) and see the reality: if some minimum common sense precautions are done, the Bitcoin is safe.
So no, the hacks are not the issue. Actually during the history the number of hacks seems to decrease and also the fuzz around them. The exchanges started to learn their lesson and stay more safe.

[BuyBuyBitcoin]

Up to 700,000 web pages were targeted in the hack

Pages arent websites...

Per the report, through the script was loaded on many websites, there is nothing much to fear.

OK

[Zalaster]

Hacker attacks have been and will be, this should be a stimulus to strengthen the defense, and investors need to be careful. No one will take care of your money except you.

[beliomir]

I agree with all the above written. I would recommend everyone to buy hardware wallets or use paper.

[Initscri]

This has absolutely nothing to do with hardware wallets/paper wallets.

This is about the point of exchange when buying/selling cryptocurrency. The security of the wallets you HODL in has nothing to do with this.

[Reid]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors.

an investor never worries about an exchange being hacked! the only thing important for them is bitcoin being secure in a safe wallet and there are enough options for that from hardware wallets to paper wallet cold storage that they don't have to worry about anything.

the only reason why people are afraid to invest in bitcoin is the FUD that is always around and the fact that bitcoin is still new and unknown to many of them.

Yeah that is what I am thinking. Investors will invest and will never trade it back. If they are targeting crypto currencies then they are safe for that moment since they will be in USD for buying it.
Now, once they bought it, they can easily get out and leave it in a hard wallet for a long time. I do think that is what an investor really means.

Getting caught in a hack by staying your crypto currencies in an exchange is not the best way to store it. Investors do store not trade it back after a few hours.

Plus that could just be connected websites with one attack, they are really targeting one website after all.

[franky1]

usually when reading this stuff... later comes how the then unknown exchange promotes that they have insured customers funds and that customers wont leave at a loss...

i find many exchanges ABUSE the "we been hacked" narrative just to get publicity. and then try to make a comeback saying they are now the most secure exchange due to it. and then they just ride the gravy train of free press
(in reality they had little to no customers and so saying a hack occured costs them nothing)

never heard of the exchange mentioned so id be more inclined to say that its a new exchange looking for some free press
(whois reveals yep only a few months old.. not even a year)
(analytics reveals under 2k unique visits......... compare that to coinbase of over 700k)

[bellamente]

It is very important that cryptocurrency exchanges give users complete security of funds storage.

News about hacking cryptocurrency exchanges greatly affects the rate of cryptocurrency

[Marbelli]

news about the hacks always upset me because I do not want to wake up one day and understand that my account was hacked and my money was taken

[metalglowd]

This is one of the reasons that traditional investors and big investors are afraid to enter this market. Large-scale attacks by hackers on websites, trading platforms, to steal assets Cryptocurrency is always an obsession for investors. We need to have a solution against hackers, this market is very potential but it does not attract many people, because it is too risky.

"Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script. Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money."

See more: https://www.digitaltrends.com/computing/statcounter-700000-websites-hacked-cryptocurrency/

this time hacking is more focused on getting assets in the form of bitcoin or other coins, if this continues, what happens is that the price of the hacked coin can fall due to the amount of instant sell or sell orders even in separate markets

[BQ]

is there an agenda in the article to make people scared of crypto?
crypto gets so much negative attention about things that are already happening for fiat!
paypal accounts are hacked, various website accounts are hacked and sold, email adresses etc, naturally people will try to steal crypto just as the same people would try to steal bank accounts.