Gate.io may be a modest exchange—ranked 39th in the world with a 24-hour trading volume of just under $50 million—but the kind of breach it suffered today was probably one of the most overengineered in the last few years.
Instead of approaching the exchange directly with a cheaply-executed and safe, but minimally effective phishing attack, hackers decided to do their deed by injecting code into the site via another platform that it uses. They quickly got to breaching StatCounter, a well-known analytics platform, according to a report by ZDNet.
Matthieu Faou, an ESET malware researcher, said that StatCounter still isn’t replying to the company’s emails regarding the breach.
“The JavaScript file [...] is still compromised,” he said.
The script in question normally collects statistics about the platform’s users, providing Gate.io with valuable data that allows it to make more user-friendly design choices. The firestorm started when the hackers changed th...
This article appeared first on Cryptovest