The script at www.statcounter[.]com/counter/counter.js was modified by the attackers, who added a piece of code in the middle of the script. Usually hackers add code at the beginning or at the end of a script. Placing code in the middle can help it evade detection, because suspicious code in the middle of a script is harder to spot.
The code added by the hackers was set to detect any URL that contains myaccount/withdraw/BTC. This indicates that the hackers were trying to steal Bitcoin from a platform that trades Bitcoin. Once the wanted URL is recognized, the script adds a new script element to the page at that URL, which pulls in the code at https://www.statconuter[.]com/c.php.
Hacking done the smart way
The domain name used by the hackers is very similar to the original domain. The hackers swapped two letters of StatCounter, which makes the malicious script harder to spot. According to the report, this domain was suspended in 2010 on account of spam and abuse.
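A site owner can catch this kind of two-letter swap by comparing every script host a page loads against the hosts it is expected to load from. The check below is an added example, not code from the original report or from StatCounter; the function names, the allowlist and the distance threshold are assumptions made for illustration.

```javascript
// Optimal string alignment distance: insert, delete, substitute, or swap
// two adjacent characters, each counted as one edit.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // adjacent swap
      }
    }
  }
  return d[a.length][b.length];
}

// Lower-case the hostname and drop a leading "www." before comparing.
function bareHost(url) {
  return new URL(url).hostname.toLowerCase().replace(/^www\./, "");
}

// Report every script host that is not on the allowlist. A host within
// maxDistance edits of an allowed host is a "lookalike"; anything else
// that is not allowed is "unknown".
function auditScriptHosts(scriptUrls, allowedHosts, maxDistance = 2) {
  const findings = [];
  for (const url of scriptUrls) {
    const host = bareHost(url);
    if (allowedHosts.includes(host)) continue;
    const near = allowedHosts.find((ok) => osaDistance(host, ok) <= maxDistance);
    findings.push({ url, host, verdict: near ? "lookalike" : "unknown", resembles: near || null });
  }
  return findings;
}

// Constructed sample: the two StatCounter-related URLs named in the article
// (written without defanging so URL() can parse them) plus a made-up host.
const sampleScripts = [
  "https://www.statcounter.com/counter/counter.js",
  "https://www.statconuter.com/c.php",
  "https://cdn.example.net/lib.js",
];
console.log(auditScriptHosts(sampleScripts, ["statcounter.com"]));
```

The comparison is made on full hostnames, so a lookalike served from a subdomain would need the registrable domain extracted first.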
The research found that the URL targeted by the code, myaccount/withdraw/BTC, was active on only one page, and that page belonged to Gate.io, a crypto exchange. The study therefore concludes that Gate.io was the main target of the hack. Gate.io handles over a million bitcoin purchases, suggesting that stealing bitcoins from the exchange can be profitable.
The page https://www.gate[.]io/myaccount/withdraw/BTC is used to transfer bitcoin from a Gate.io account to an external Bitcoin address. During the second step of the transaction process, when the user clicks the send button for the withdrawal, the malicious script changes the destination Bitcoin address. The hackers appear to have raised the stakes by changing the Bitcoin address with each transaction, making it difficult to determine the number of bitcoins transferred to fake addresses.