Skip to main content

Nearly 700,000 websites are hacked in bid to steal cryptocurrency

pwstudio/123RF

Popular web analytics platform Statcounter experienced a breach on November 3, according to research from malware researcher Matthieu Faou. Up to 700,000 web pages were targeted in the hack which primarily aimed to steal cryptocurrency through a malicious script.

Per the report, through the script was loaded on many websites, there is nothing much to fear. The malicious Statcounter script behind the attack primarily targeted the cryptocurrency exchange Gate.io to generate Bitcoin addresses. Only if the URL or content in a given webpage contained references to “myaccount/withdraw/BTC” would the malicious script activate and then silently connect to the exchange to fill the hackers’ pockets with money.

Recommended Videos

“Attackers modified the script at www.statcounter[.]com/counter/counter.js by adding a piece of malicious code. … In the middle of the script. This is unusual, as attackers generally add malicious code at the beginning, or at the end, of a legitimate file. Code injected into the middle of an existing script is typically harder to detect via casual observation,” explains Faou.

Please enable Javascript to view this content

The breach was pretty clever and is still live, as all websites running Statcounter need to add a specific code to a website in order to grab more information about users. Hackers clearly leveraged that to their advantage even though the Gate.io service used in the script now claims it doesn’t use Statcounter anymore.

It is still unknown how many end users were truly impacted by this attack, or how much money hackers made. Statcounter has yet to issue a public response, but Gate.io issued a lengthy statement on its website.

“On Nov. 6, 2018, we got the notice from ESET researcher’s report and the “ESET Internet Security” product that there’s a suspicious behavior in Statcounter’s traffic stats service. We immediately scanned it on Virustotal in 56 antivirus products. No one reported any suspicious behavior at that time. …  However, we still immediately removed the Statcounter’s service. After that, we didn’t find any other suspicious behaviors. We want to express our great appreciation and respect to the researcher from ESET Malware Researcher,” said Gate.io.

Cryptocurrency hacks are becoming more common as Bitcoin and Ethereum pick up value. The hack also raises concerns about the nature of external Javascript, since it can easily be modified. Similar cryptocurrency focused hacks have occurred in the past, particularly with Adobe Flash installers.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Texas brings the ban hammer down on DeepSeek and RedNote
Mobile users experience censorship bias with DeepSeek AI.

If you’re a government worker in Texas, you can’t use DeepSeek or many other Chinese-developed applications on your state-issued device. Texas Governor, Greg Abbott, has instated a ban, preventing state employees from downloading, installing, or using several notable Chinese apps on government-sanctioned devices.

Sighting data privacy and national security concerns, the Governor decreed that state workers are prohibited from interacting with Chinese AI and social media apps including DeepSeek, RedNote, and Lemon8 on state-owned devices. Additionally, the ban includes Chinese stock-trading platforms such as Moomoo, Tiger Brokers, and Webull.

Read more
It’s easier than ever to use ChatGPT Search — sign-in no longer needed
The ChatGPT Search icon on the prompt window

You no longer need to sign in to use ChatGPT Search.

“ChatGPT search is now available to everyone on chatgpt.com,” OpenAI said in a post on X announcing the change, adding, “No sign up required.”

Read more
Apple’s co-founder left 40 years ago today, but that was just the beginning of his story
Steve Wozniak speaking at an event in Paradise Valley, Arizona.

Apple co-founder Steve Wozniak seemingly had it all: surrounded by a successful company that he helped create and with more money to his name than he knew what to do with, to outside observers it must have all looked pretty sweet.

But Wozniak wasn’t happy at Apple -- and 40 years ago today, he quit. That wasn’t the end of the road for the engineering whizz. Instead, he went on to start a set of highly consequential companies and organizations across multiple different disciplines, leaving a mark in a range of different industries.
Early days at Apple

Read more