Hackers exploit a zero-day bug on the General Bytes server to steal funds

General Bytes, a manufacturer of Bitcoin ATMs, revealed that its servers were compromised through a zero-day attack on August 18. The attack allowed the threat actors to make themselves the default admins and change the settings so that all funds would be transferred to their crypto wallet addresses.

General Bytes servers compromised after a zero-day attack

General Bytes has yet to disclose the amount of funds stolen or the number of ATMs compromised in the attack. However, the company has issued an advisory to all ATM operators, asking them to update their software to keep user funds safe.

The company confirmed on August 18 the exploit that put the hackers in control of the servers. General Bytes owns and operates 8827 Bitcoin ATMs, which can be used in more than 120 countries.

The firm has its headquarters in Prague, Czech Republic, where the ATMs are created. Bitcoin ATMs have become increasingly popular because of their convenience for traders who want to convert their crypto into fiat currency easily.

The firm's security experts said that the hackers exploited a zero-day vulnerability to access the company’s Crypto Application Server (CAS) and steal the funds in question.

The CAS server is behind all the operations of the ATM, including the execution of crypto purchases and sales on exchanges and supported coins. The General Bytes security team believes the hackers scanned for vulnerable servers on TCP ports, including those on the General Bytes cloud service.

Issues an advisory to customers

The vulnerability in these ATMs was detected after the hacker altered the CAS software to version 20201208. General Bytes has urged its customers to refrain from using the General Bytes ATM servers until they are updated to patch releases 20220725 and 20220531.38, the latter for customers using the 20220531 version.

Users have also been advised to check their server firewall settings to ensure that the CAS admin interface can only be accessed from authorized IP addresses, among multiple other factors. Before reactivating the terminals, users have also been advised to review the “SELL Crypto Setting” to confirm that the attackers have not changed the settings so that any received funds would be transferred to them instead.

The firm has conducted audits on its servers multiple times since 2020. None of the conducted audits revealed the vulnerability exploited by the hacker, and the incident caught the company by surprise.
