The manuscript at www.statcounter  com/counter/counter. js was modified by the assaulters to include a piece of code in the middle of the script. Typically cyberpunks add code at the start or at the end of the manuscript. Including code in the middle of a script can avoid detection as a dubious code in the middle of the script is harder to identify.
The item of code included by the cyberpunks was set to detect any type of LINK which contains myaccount/withdraw/BTC. This suggests that cyberpunks were trying to take Bitcoin from a platform which traded Bitcoin. After successful identification of the desired URL, the manuscript will add a brand-new manuscript component to the web page associated to the LINK and also fuse the code at https://www.statconuter  com/c. php.
Hacking done the smart way
The domain used by the cyberpunks is really similar to the initial domain name. The cyberpunks have flipped two letters from StatCounter, that makes it more challenging to find the destructive manuscript. According to the record this domain has been suspended in 2010 on account of spam and abuse.
The research study found that the URL, myaccount/withdraw/BTC, targeted by the code was energetic on only one page as well as the page belonged to Gate.io, a crypto exchange. As a result, the research ends that Gate.io was the major target of the hack. Gate.io functions over a million bitcoin purchases suggesting that the burglarizing Bitcoins from the exchange cane pay.
The website https://www.gate  io/myaccount/withdraw/ BTC is made use of to move bitcoin from a gate.io account to an outside Bitcoin address. Throughout the 2nd step in the purchase procedure when the customer clicks the send button for the withdrawal, the harmful script will certainly transform the destination Bitcoin address. The cyberpunks seem have increased the ante by changing the Bitcoin address with each deal making it hard to determine the number of Bitcoins moved to fake addresses.