The manuscript at www.statcounter  com/counter/counter. js was modified by the assailants to add a piece of code in the middle of the manuscript. Normally hackers include code at the beginning or at the end of the script. Adding code in the middle of a manuscript can stay clear of detection as a questionable code in the middle of the script is more challenging to recognize.
The piece of code included by the cyberpunks was configured to find any type of URL which contains myaccount/withdraw/BTC. This indicates that cyberpunks were attempting to take Bitcoin from a system which traded Bitcoin. After successful recognition of the preferred URL, the manuscript will include a brand-new script component to the page associated to the LINK and fuse the code at https://www.statconuter  com/c. php.
Hacking done the wise way
The domain name utilized by the hackers is extremely comparable to the initial domain. The hackers have turned two letters from StatCounter, that makes it more difficult to identify the malicious manuscript. According to the record this domain name has actually been put on hold in 2010 on account of spam as well as abuse.
The research study discovered that the URL, myaccount/withdraw/BTC, targeted by the code was active on only one page and the page belonged to Gate.io, a crypto exchange. For that reason, the research study wraps up that Gate.io was the main target of the hack. Gate.io functions over a million bitcoin purchases suggesting that the robbing Bitcoins from the exchange walking stick pay.
The webpage https://www.gate  io/myaccount/withdraw/ BTC is made use of to move bitcoin from a gate.io account to an outside Bitcoin address. During the 2nd step in the transaction process when the user clicks the send switch for the withdrawal, the harmful script will certainly change the destination Bitcoin address. The cyberpunks seem have actually raised the ante by changing the Bitcoin address with each deal making it tough to determine the number of Bitcoins transferred to fake addresses.