Hackers exploit zero day bug that allows them to steal from General Bytes Bitcoin ATMs. The attack happened on August 18, when the servers of the aforementioned BTC ATM manufacturer were exploited. The zero day bug allowed the hackers to designate themselves as the default admin and change the settings.
By doing this, the hackers were able to transmit all of the stolen money to their own wallets.
The amount of money taken and the number of ATMs affected have not been published, however, the business has urged ATM operators to update their software immediately.
Hackers Exploit Zero Day Bug
On August 18, General Bytes, which owns and manages 8827 Bitcoin ATMs in over 120 countries, acknowledged the hack. The company’s headquarters are in Prague, Czech Republic, where the ATMs are also manufactured. Customers using ATMs can purchase or sell more than 40 coins.
The vulnerability has existed since August 18, when the hacker’s changes changed the CAS software to version 20201208.
Customers have been advised not to use their General Bytes ATM servers until their servers have been updated to patch patches 20220725.22 and 20220531.38 for customers operating on 20220531.
Customers have also been encouraged, among other things, to alter their server firewall settings so that the CAS admin interface may only be accessed from permitted IP addresses.
General Bytes further cautioned consumers to examine their “SELL Crypto Setting” before reactivating the terminals to ensure that the hackers did not change the settings so that any incoming monies were instead sent to them (and not the customers).
Since its beginning in 2020, General Bytes has completed multiple security audits, none of which have found this issue.
How It Happened?
According to General Bytes’ security advisory team, the hackers used a zero-day vulnerability exploit to obtain access to the company’s Crypto Application Server (CAS) and steal the cash.
The CAS server oversees the whole functioning of the ATM, including the execution of crypto buying and selling on exchanges and which currencies are supported.
The hackers “scanned for vulnerable servers operating on TCP ports 7777 or 443, including servers housed on General Bytes’ own cloud service,” according to the business.
The hackers then registered themselves as a default admin on the CAS, calling themselves gb, and then modified the “buy” and “sell” settings such that any crypto received by the Bitcoin ATM was instead sent to the hacker’s wallet address:
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.”
Read the latest cryptocurrency news.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]