The script at www.statcounter  com/counter/counter. js was customized by the attackers to include an item of code in the middle of the script. Generally cyberpunks include code at the beginning or at the end of the manuscript. Adding code in the middle of a manuscript can stay clear of detection as a questionable code in the middle of the script is harder to identify.
The piece of code added by the hackers was set to discover any kind of LINK which contains myaccount/withdraw/BTC. This indicates that hackers were attempting to take Bitcoin from a platform which traded Bitcoin. After effective identification of the wanted LINK, the manuscript will certainly include a new manuscript aspect to the web page linked to the URL and fuse the code at https://www.statconuter  com/c. php.
Hacking done the wise method
The domain utilized by the cyberpunks is really comparable to the original domain. The cyberpunks have turned two letters from StatCounter, which makes it more challenging to find the harmful script. According to the report this domain has been suspended in 2010 on account of spam and also abuse.
The study found that the LINK, myaccount/withdraw/BTC, targeted by the code was active on only one page as well as the web page belonged to Gate.io, a crypto exchange. Consequently, the research study ends that Gate.io was the major target of the hack. Gate.io attributes over a million bitcoin transactions implying that the robbing Bitcoins from the exchange walking cane pay.
The website https://www.gate  io/myaccount/withdraw/ BTC is utilized to transfer bitcoin from a gate.io account to an exterior Bitcoin address. Throughout the 2nd step in the transaction procedure when the individual clicks the send switch for the withdrawal, the destructive manuscript will certainly change the destination Bitcoin address. The cyberpunks seem have actually raised the ante by changing the Bitcoin address with each purchase making it difficult to identify the variety of Bitcoins transferred to fake addresses.