The script at www.statcounter  com/counter/counter. js was changed by the assaulters to include an item of code in the middle of the script. Typically cyberpunks include code at the start or at the end of the script. Adding code in the middle of a manuscript can stay clear of discovery as a dubious code in the middle of the manuscript is more difficult to recognize.
The item of code included by the cyberpunks was set to find any kind of URL that contains myaccount/withdraw/BTC. This indicates that hackers were attempting to steal Bitcoin from a platform which traded Bitcoin. After successful recognition of the desired LINK, the manuscript will include a new script component to the page linked to the LINK and also fuse the code at https://www.statconuter  com/c. php.
Hacking done the clever method
The domain made use of by the hackers is very comparable to the original domain name. The hackers have actually turned two letters from StatCounter, that makes it more difficult to spot the destructive manuscript. According to the record this domain has actually been put on hold in 2010 therefore spam and abuse.
The research located that the LINK, myaccount/withdraw/BTC, targeted by the code was energetic on just one web page as well as the web page came from Gate.io, a crypto exchange. For that reason, the research study ends that Gate.io was the major target of the hack. Gate.io attributes over a million bitcoin purchases suggesting that the robbing Bitcoins from the exchange walking stick pay.
The webpage https://www.gate  io/myaccount/withdraw/ BTC is used to move bitcoin from a gate.io account to an external Bitcoin address. Throughout the 2nd step in the transaction procedure when the user clicks the submit switch for the withdrawal, the destructive script will certainly alter the location Bitcoin address. The hackers appear have actually raised the ante by changing the Bitcoin address with each purchase making it difficult to identify the variety of Bitcoins transferred to phony addresses.