Hackers exploited a zero-day vulnerability in the servers of Bitcoin ATM producer General Bytes, allowing the hackers to siphon off money from users to their wallet addresses. The company is yet to disclose the stolen amount.
A zero-day vulnerability is a flaw in a system, here the server software, that the developers have not yet disclosed or patched.
Using the zero-day attack, the hackers made themselves the default admins and modified the settings so that all deposited funds would be transferred to their wallet address.
Basically, the hackers found a bug in the ATM servers which they used to get admin access.
They changed the code of the ATM’s server so that all the money being transacted on that ATM would go to the hackers’ account and not the bank.
After the settings were modified, “Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to the ATM,” reported General Bytes in a Patch Release note.
General Bytes also said that the vulnerability had already been present in the CAS (Crypto Application Server) software, but it went unidentified despite multiple security audits since 2020. CAS is a remote server that facilitates the functioning of Bitcoin ATMs, including the buying and selling of cryptocurrencies on exchanges.
The hackers scanned across ATM servers to find security vulnerabilities which they used to create admin access to change and modify settings.
General Bytes warned users against using the General Bytes ATM servers until the patches are released.
Customers were also asked to modify their firewall settings so that the CAS admin interface, which these ATMs use, can only be accessed from authorised IP addresses.
Here’s a snapshot of the steps the customers were asked to follow.
[Image: Solution provided to the customers by General Bytes]
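One way to verify the firewall restriction described above is to audit the host's `iptables-save` output for the admin port. This is an added example, not General Bytes' code: port 8443, the allowlist range and both rulesets are constructed placeholders, and the model is simplified (INPUT chain only, no negation, multiport or user chains; partial DROP rules are ignored, so it may over-report).

```python
import ipaddress
import shlex

ADMIN_PORT = 8443  # placeholder: use the port your CAS admin interface listens on
AUTHORISED = [ipaddress.ip_network("203.0.113.0/28")]  # constructed allowlist

# Constructed iptables-save excerpts: admin port open to everyone vs. restricted.
WEAK = """:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT"""

FIXED = """:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/28 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j DROP"""

def admits_new_to_port(opt, port):
    """True if the rule can match a new remote TCP connection to `port`."""
    if opt.get("-i") == "lo" or opt.get("-p", "tcp") not in ("tcp", "all"):
        return False
    if "--ctstate" in opt and "NEW" not in opt["--ctstate"].split(","):
        return False
    lo, _, hi = opt.get("--dport", "0:65535").partition(":")
    return int(lo) <= port <= int(hi or lo)

def audit(rules_text, port=ADMIN_PORT, allowed=AUTHORISED):
    """Return sources that reach `port` on INPUT without being authorised."""
    exposed, policy = [], "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]  # chain default policy, e.g. ":INPUT DROP [0:0]"
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if not admits_new_to_port(opt, port):
            continue
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if opt.get("-j") in ("DROP", "REJECT") and src.prefixlen == 0:
            return exposed  # catch-all block: nothing later can match
        if opt.get("-j") == "ACCEPT" and not any(src.subnet_of(n) for n in allowed):
            exposed.append(str(src))
    if policy == "ACCEPT":
        exposed.append("0.0.0.0/0 via default policy")
    return exposed

if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```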
A year ago, Kraken, a crypto exchange, came out with a report by its Security Labs team that the General Bytes BATMTwo ATM range had “multiple hardware and software vulnerabilities.” Kraken also said that if bad actors get their hands on the administrative tool, they can essentially compromise any Bitcoin ATM they walk up to.
General Bytes then warned its users after Kraken pointed the vulnerabilities out.
General Bytes owns over 8000 Bitcoin ATMs across 12 countries. The company is based in Prague, Czech Republic, where these ATMs are manufactured. According to Coinatmradar.com, the US has the highest number of crypto ATMs.