Cybercriminals have attacked a number of websites in an attempt to steal Bitcoins from a single exchange. ZDNet reported on November 6, that “hackers have breached StatCounter, one of the internet's largest web analytics platforms, and have inserted malicious code inside the company's main site-tracking script.”

StatCounter is one of the Internet’s oldest websites, founded in 1999, and it tracks various traffic metrics, such as visitor count. Websites which use StatCounter must add a script to their own pages, and StatCounter uses the script to track various statistics.

But malware researcher Matthieu Faou, with ESET, discovered earlier this week that malicious code had been added to StatCounter’s primary script over the weekend of November 3.

Aiming at Bitcoin

While thousands of websites were infected by the malicious code, the cybercriminals only had a single target in mind. This was cryptocurrency exchange, which, on November 9, had a trading volume of over $33 million in the past 24 hours. I find Bitcoin very appealing, and there are a number of reasons why.

The cybercriminals inserted code which only activated when anyone attempted to make an exchange through The script would replace the user’s Bitcoin address with an address owned by the hackers.

In summation, any victim of this script attempting to make a transaction through would be sending their funds to the hacker instead of their original target. And since the victim would initially sign off on the transaction without realizing where their funds were going, it would be difficult to impossible to get their Bitcoins back.

It's also worth noting, that Bitcoin has died 235 times (or more) over the last nine years.

Funds safe... for now

Faou contacted to remove StatCounter’s tracking service, for the time being. released a statement which said that “the users' funds are safe” and indicated that no one was directly harmed by the attack.

Furthermore, we do not know who the attackers are. Faou said that “a different Bitcoin address is used for each victim. We were not able to find the attackers' main Bitcoin address.” This means that such an attack could happen again, perhaps targeting another cryptocurrency exchange.

While no one may have been harmed by this attack, cryptocurrency users should be aware of the tools they are using and be constantly vigilant about the potential of an online attack. Even if a cryptocurrency website is well protected, this attack shows that they can be vulnerable to weak external resources controlled by a third party.