
Hackers Target General Bytes' Bitcoin ATMs With A Zero-Day Attack After 'Help Ukraine' Feature Added

Published 22/08/2022, 14:58

The servers of Bitcoin (CRYPTO: BTC) ATM manufacturer General Bytes were compromised by a zero-day exploit, allowing hackers to take over as default administrators and modify settings to send money to their wallet addresses.

Although the total amount of funds stolen and the number of compromised ATMs have not been made public, the company has advised ATM operators to change their software as a precaution.

General Bytes is located in Prague, Czech Republic, where the ATMs are made. Customers of its ATMs can trade in more than 40 coins.

General Bytes, which owns and manages 8,827 Bitcoin ATMs that are available in more than 120 countries, acknowledged the theft and said there has been a vulnerability since last Thursday, ever since the hacker’s modifications updated the CAS software to version 20201208.

Customers have been asked by General Bytes to refrain from using their ATM servers until they update their server to patch release 20220725.22, or 20220531.38 for customers running on 20220531.


Customers advised precautionary measures

Customers have also been asked to change their server firewall configurations so that, among other things, the CAS admin interface may only be accessed from permitted IP addresses.
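As an added example (not from General Bytes or the original article), this Python sketch audits `iptables -S` output for rules that leave the CAS ports reported in this article (7777 and 443) reachable from outside a permitted list. The rule set, the allowlist and the function names are constructed for illustration, and the check assumes IPv4 rules in the INPUT chain only.

```python
import ipaddress
import shlex

CAS_PORTS = (7777, 443)  # the two ports the article says CAS was found on

# Constructed `iptables -S` output for illustration (not from a real server).
SAMPLE_RULES = """
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 7777 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
"""

def _ports(tokens):
    """Destination ports a rule matches, or None if it matches every port."""
    spec = next((tokens[i + 1] for i, x in enumerate(tokens)
                 if x in ("--dport", "--dports")), None)
    if spec is None:
        return None
    ranges = (p.partition(":") for p in spec.split(","))
    return {n for lo, _, hi in ranges for n in range(int(lo), int(hi or lo) + 1)}

def audit_cas_exposure(rules_text, allowed, ports=CAS_PORTS):
    """Return (port, source, rule) for rules opening a CAS port beyond `allowed`."""
    nets = [n for n in map(ipaddress.ip_network, allowed) if n.version == 4]
    policy, findings, dropped = "ACCEPT", [], set()
    for line in rules_text.strip().splitlines():
        t = shlex.split(line)
        if t[:2] == ["-P", "INPUT"]:
            policy = t[2]
        scoped = {"-i", "--ctstate", "--state", "!"} & set(t)
        if t[:2] != ["-A", "INPUT"] or "-j" not in t or scoped:
            continue  # other chains; interface/state/negated rules not modelled
        target = t[t.index("-j") + 1]
        src = ipaddress.ip_network(t[t.index("-s") + 1]) if "-s" in t else None
        matched = _ports(t)
        for port in ports:
            if matched is not None and port not in matched:
                continue
            trusted = src is not None and any(src.subnet_of(n) for n in nets)
            if target in ("DROP", "REJECT") and src is None:
                dropped.add(port)  # later rules for this port are unreachable
            elif target == "ACCEPT" and port not in dropped and not trusted:
                findings.append((port, str(src or "any"), line.strip()))
    if policy == "ACCEPT":  # no default deny: anything not dropped is reachable
        findings += [(p, "any", "default policy ACCEPT")
                     for p in ports if p not in dropped]
    return findings
```

Run against the sample with `allowed=["198.51.100.0/24"]`, it reports only the port 443 rule, which accepts traffic from any source.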

The company has also advised users to check their "SELL Crypto Setting" before reactivating the terminals, to make sure the hackers have not changed the settings so that received funds are transmitted to the hackers instead.

Since its founding in 2020, General Bytes claimed that multiple security audits have been carried out, but none of them discovered this issue.

It added that the attack came three days after the company publicly announced the 'Help Ukraine' feature on ATMs.

How did the attack happen

According to a blog post by the company, the hackers used a zero-day vulnerability to target the company's Crypto Application Server (CAS) and steal funds.

The CAS server controls every aspect of the ATM's functioning, including how cryptocurrency is bought and sold on exchanges and which currencies are accepted.

A recommended cloud hosting provider is Digital Ocean, which runs the General Bytes Cloud service and other GB ATM operators' servers.

The attacker identified running CAS services on ports 7777 or 443 after scanning the IP address space for Digital Ocean cloud hosting. They then generated a new default admin user, organization, and terminal using this security flaw.

Access was then gained to the CAS interface and the admin user's default name was changed to "gb."

The attacker changed the crypto settings on two-way devices, using his own wallet settings and the "invalid payment address" option.

When clients placed coin orders at two-way ATMs, coins were sent to the attacker's wallet.

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user,” the security advisory team stated.


© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
