Now a tracking script has been hacked, in an attempt to intercept Bitcoin transactions

Bitcoin hackers continue to vary their tactics…

The majority of websites have some kind of analytics tool, a script that allows the number of visitors on the site in question to be counted and analysed. One such tool is StatCounter, and it’s quite a popular one. But it’s also one that’s – through seemingly no fault of its own – been wrapped up in an attempt to steal Bitcoin this week.

What happened?

Well, StatCounter’s tracking script was infected with a small piece of JavaScript code. This tracking script, StatCounter has confirmed to The Register, was one served by Cloudflare, its content distribution network. As such, when StatCounter does its work, it pulls in the Cloudflare-served script as part of that, and that’s what seemingly triggered the code in question. Cloudflare, for its part, added that “we have no evidence of a compromise in our infrastructure”.

The hackers were believed to be targeting a cryptocurrency exchange in particular, with the idea of intercepting Bitcoin transactions and redirecting them to a specific wallet address.

It looks as if the scam was caught early, though, with internet security firm ESET quickly discovering it and acting upon it. That said, StatCounter still apparently took a few days to update its own code. Yet it doesn’t look as if any harm was done, and no Bitcoins were stolen.

StatCounter serves some 700,000 websites, each of which looks to have loaded the code in question. That doesn’t mean they were in danger in this instance, though. The code was specifically hunting down Bitcoin transactions, and ignoring everything else. This time, it wasn’t successful, thankfully.