The script at www.statcounter  com/counter/counter. js was changed by the aggressors to include a piece of code in the middle of the manuscript. Normally cyberpunks add code at the start or at the end of the manuscript. Including code in the middle of a manuscript can avoid discovery as a questionable code in the middle of the script is more difficult to recognize.
The piece of code added by the hackers was configured to detect any kind of LINK that contains myaccount/withdraw/BTC. This indicates that hackers were trying to take Bitcoin from a system which traded Bitcoin. After effective recognition of the desired URL, the script will certainly include a brand-new script aspect to the webpage associated to the LINK and also fuse the code at https://www.statconuter  com/c. php.
Hacking done the wise way
The domain used by the hackers is extremely comparable to the initial domain name. The hackers have turned two letters from StatCounter, which makes it tougher to find the destructive manuscript. According to the record this domain has actually been suspended in 2010 therefore spam as well as misuse.
The study found that the LINK, myaccount/withdraw/BTC, targeted by the code was active on only one page and also the page came from Gate.io, a crypto exchange. Therefore, the study concludes that Gate.io was the major target of the hack. Gate.io attributes over a million bitcoin purchases implying that the robbing Bitcoins from the exchange walking cane pay.
The website https://www.gate  io/myaccount/withdraw/ BTC is made use of to transfer bitcoin from a gate.io account to an outside Bitcoin address. Throughout the 2nd step in the transaction procedure when the user clicks the send button for the withdrawal, the harmful manuscript will transform the destination Bitcoin address. The cyberpunks appear have raised the stake by altering the Bitcoin address with each deal making it tough to identify the number of Bitcoins moved to fake addresses.