The script at www.statcounter[.]com/counter/counter.js was modified by the attackers to add a piece of code in the middle of the script. Attackers generally add code at the beginning or at the end of a script. Code added in the middle can evade detection, because suspicious code in the middle of a script is harder to spot.
The code added by the attackers was set to look for any URL that contains myaccount/withdraw/BTC. This implies that the attackers were trying to steal Bitcoin from a platform that traded Bitcoin. After successfully identifying the desired URL, the script adds a new script element to the webpage associated with that URL, incorporating the code at https://www.statconuter[.]com/c.php.
Hacking done the smart way
The domain used by the hackers is very similar to the original domain. The attackers swapped two letters of StatCounter, which makes the malicious script harder to detect. According to the report, this domain name was suspended in 2010 for spam and abuse.
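Because the lookalike differs from the real domain only by two swapped letters, an edit-distance check that counts an adjacent swap as a single edit will catch it. The following is an added example, not code from the report or from StatCounter: the trusted-host list, the function names, the distance threshold and the sample URLs are all assumptions chosen for illustration.

```javascript
// Trusted script hosts for this site (assumed allowlist, constructed for the example).
const TRUSTED_HOSTS = ["www.statcounter.com", "www.gate.io"];

// Optimal string alignment distance: Levenshtein plus adjacent transposition,
// so two swapped letters ("nu" for "un") count as one edit instead of two.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...new Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns one finding per script URL whose host is not on the allowlist but is
// within maxDistance edits of an allowlisted host. Unparseable URLs are reported too.
function findLookalikeScripts(scriptUrls, trusted = TRUSTED_HOSTS, maxDistance = 2) {
  const findings = [];
  for (const raw of scriptUrls) {
    let host;
    try {
      host = new URL(raw).hostname.toLowerCase();
    } catch {
      findings.push({ url: raw, reason: "unparseable" });
      continue;
    }
    if (trusted.includes(host)) continue; // exact match: legitimate host
    for (const good of trusted) {
      const distance = osaDistance(host, good);
      if (distance <= maxDistance) {
        findings.push({ url: raw, reason: "lookalike", resembles: good, distance });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample: script URLs as they might be collected from a page's <script src> tags.
const SAMPLE_SCRIPT_URLS = ["https://www.statcounter.com/counter/counter.js",
  "https://www.statconuter.com/c.php", "https://cdn.example.net/app.js"];
console.log(findLookalikeScripts(SAMPLE_SCRIPT_URLS));
```

Only the second sample URL is flagged, at distance 1 from www.statcounter.com; the unrelated CDN host is ignored because it resembles no trusted host.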
The research found that the URI myaccount/withdraw/BTC targeted by the code was active on just one web page, and that page belonged to Gate.io, a crypto exchange. The study therefore concludes that Gate.io was the primary target of the hack. Gate.io handles over a million bitcoin purchases, suggesting that stealing Bitcoin from the exchange can pay.
The webpage https://www.gate[.]io/myaccount/withdraw/BTC is used to transfer bitcoin from a Gate.io account to an external Bitcoin address. During the second step of the transaction process, when the user clicks the submit button for the withdrawal, the malicious script changes the destination Bitcoin address. The hackers appear to have upped the ante by changing the Bitcoin address with each transaction, making it hard to determine the number of Bitcoins transferred to fake addresses.