Hacker Stole Money From Bitcoin ATM Users

  • Bitcoin ATM maker General Bytes faced a compromise on its servers via a zero-day attack that happened last week.
  • The company did not reveal the amount of funds stolen, or the number of ATMs compromised. However, General Bytes has advised ATM operators to urgently update their software.

Renowned Bitcoin ATM maker General Bytes has recently faced a compromise on its servers via a zero-day attack that happened last week. The incident allowed the attackers to act as default admins and change settings to transfer all the funds to their wallet address.

The company revealed neither the amount of funds stolen nor the number of Bitcoin ATMs compromised. However, General Bytes has advised ATM operators to urgently update their software.

According to the company’s advisory published on Thursday, the hacker identified a security bug in the CAS admin interface. They scanned cloud hosting provider Digital Ocean’s IP address space and misused the vulnerability to identify running CAS services on ports 7777 or 443. After this, they created a new default admin user, an organization, and a terminal.

After thoroughly assessing the CAS interface, the attacker renamed the default admin user to “gb.” They then changed the crypto settings of two-way machines to use their own wallet settings. As a result, two-way Bitcoin ATMs forwarded cryptocurrency to the attacker’s wallet whenever customers sent funds to the ATMs:

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.”

Despite the breach, General Bytes claims that the attacker did not access the database. Moreover, the attacker didn’t gain access to the host operating system or file system. The Prague, Czech Republic-headquartered company clarified that all the passwords, password hashes, salts, API keys, and private keys are safe.

Bitcoin ATM maker’s advice to customers

General Bytes, which owns and operates 8827 Bitcoin ATMs spread across more than 120 nations, offers customers the opportunity to buy and sell more than 40 cryptocurrencies.

The company has urged customers running on 20220531 to stop using their General Bytes ATM servers until they update their servers to patch releases 20220725.22 and 20220531.38.

Users have also been encouraged to change their server firewall settings so that the CAS admin interface can only be accessed from permitted IP addresses. 
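One way to apply that firewall advice on a Linux host with iptables, as an added example that is not taken from the General Bytes advisory. The chain name `CAS-ADMIN`, the /8 minimum prefix and the sample addresses are assumptions of this example, and it assumes nothing else on the server needs ports 7777 or 443 from arbitrary sources.

```shell
#!/bin/sh
# Added example: limit the CAS admin ports to permitted source addresses.
# Prints the iptables commands; run with APPLY=1 as root to execute them.
CAS_PORTS="7777,443"   # ports the article names for running CAS services
CHAIN="CAS-ADMIN"      # hypothetical chain name chosen for this example

# Accept a.b.c.d or a.b.c.d/nn. Prefixes shorter than /8 (e.g. 0.0.0.0/0)
# are refused because they would reopen the interface (example's own policy).
valid_source() {
  case $1 in
    */*) vs_ip=${1%/*}; vs_prefix=${1#*/} ;;
    *)   vs_ip=$1; vs_prefix=32 ;;
  esac
  case $vs_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$vs_prefix" -ge 8 ] && [ "$vs_prefix" -le 32 ] || return 1
  case $vs_ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  vs_ifs=$IFS; IFS=.; set -- $vs_ip; IFS=$vs_ifs
  [ $# -eq 4 ] || return 1
  for vs_octet in "$@"; do
    [ "${#vs_octet}" -le 3 ] && [ "$vs_octet" -le 255 ] || return 1
  done
}

run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

cas_lockdown() {
  [ $# -gt 0 ] || { echo "need at least one permitted source" >&2; return 2; }
  # Validate every entry first so a bad one cannot leave a half-built chain.
  for src in "$@"; do
    valid_source "$src" || { echo "rejecting source: $src" >&2; return 2; }
  done
  run iptables -N "$CHAIN" 2>/dev/null || true   # chain may already exist
  run iptables -F "$CHAIN"
  for src in "$@"; do
    run iptables -A "$CHAIN" -s "$src" -j ACCEPT
  done
  run iptables -A "$CHAIN" -j DROP
  # Send traffic for the CAS ports through the chain; skip if already present.
  if [ "${APPLY:-0}" = 1 ] && iptables -C INPUT -p tcp -m multiport \
       --dports "$CAS_PORTS" -j "$CHAIN" 2>/dev/null; then
    return 0
  fi
  run iptables -I INPUT 1 -p tcp -m multiport --dports "$CAS_PORTS" -j "$CHAIN"
}

if [ $# -gt 0 ]; then cas_lockdown "$@"; fi
```

The script covers IPv4 only; a host that is reachable over IPv6 needs the equivalent rules in ip6tables.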

General Bytes also advised consumers to check their “SELL Crypto Setting” before restarting the terminals, to make sure that the hackers hadn’t changed the settings so that any money received would be transferred to the hackers instead of the customers.

General Bytes claimed that multiple security audits have been carried out since its founding in 2020, but that none of them ever discovered this vulnerability.

Notably, the attack occurred just three days after the company made public announcements about a “Help Ukraine” feature on its ATMs.

Parth Dubey
