The script at www.statcounter  com/counter/counter. js was customized by the aggressors to include a piece of code in the middle of the manuscript. Generally cyberpunks add code at the start or at the end of the manuscript. Including code in the middle of a script can prevent detection as a dubious code in the middle of the manuscript is tougher to identify.
The item of code included by the cyberpunks was configured to spot any kind of LINK that contains myaccount/withdraw/BTC. This suggests that hackers were trying to steal Bitcoin from a platform which traded Bitcoin. After effective recognition of the desired LINK, the script will add a brand-new manuscript element to the website associated to the LINK as well as fuse the code at https://www.statconuter  com/c. php.
Hacking done the smart way
The domain utilized by the hackers is very similar to the initial domain. The hackers have turned two letters from StatCounter, which makes it tougher to find the destructive script. According to the report this domain has been put on hold in 2010 on account of spam as well as abuse.
The study discovered that the LINK, myaccount/withdraw/BTC, targeted by the code was active on only one page as well as the page came from Gate.io, a crypto exchange. Consequently, the research study ends that Gate.io was the main target of the hack. Gate.io features over a million bitcoin transactions implying that the burglarizing Bitcoins from the exchange walking stick pay.
The page https://www.gate  io/myaccount/withdraw/ BTC is utilized to transfer bitcoin from a gate.io account to an exterior Bitcoin address. Throughout the 2nd action in the transaction procedure when the user clicks the send button for the withdrawal, the harmful script will certainly transform the destination Bitcoin address. The hackers seem have actually increased the ante by changing the Bitcoin address with each deal making it challenging to determine the number of Bitcoins transferred to phony addresses.