
Bitcoin ATM manufacturer General Bytes has confirmed that a cyber attacker exploited its software to steal cryptocurrency from its users.

In an advisory last week, the company stated, “The attacker created a new user with administrator privileges remotely by using the CAS administrative interface. They found an exposed URL call on the page used during the server’s initial installation process. Since version 2020-12-08, this bug has been an issue in CAS software.”

“Crypto Application Server,” or CAS, is a self-hosted product from General Bytes that enables businesses to manage Bitcoin ATM (BATM) machines from a central location via a web browser on a desktop or mobile device.

The zero-day flaw, which was located in the CAS admin interface, has been addressed in two server patch releases, 20220531.38 and 20220725.22.

According to General Bytes, the unnamed threat actor scanned the DigitalOcean cloud hosting IP address space to identify servers running CAS services on ports 7777 or 443. After taking advantage of the flaw, they created a new default admin user named “gb.”

“The hacker changed the crypto parameters of two-way machines to include his wallet settings and the ‘invalid payment address’ option,” it said. “Two-way ATMs began sending coins to the attacker’s wallet instead of the customer’s when users placed orders.”

The goal of the assault was to change the settings so that the system would transfer money to a digital wallet address under the attacker’s control.
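One way an operator could check for the two changes described above (an unexpected admin account such as “gb” and altered wallet settings on terminals) is to compare a current snapshot against an approved baseline. This is an added example, not General Bytes code: the snapshot layout, field names, terminal ID and wallet placeholders are all constructed assumptions and do not reflect the real CAS schema.

```python
# Added example: all field names and sample data below are constructed
# assumptions, not the real CAS schema or export format.

def audit_cas_snapshot(baseline, current):
    """Compare admin users and per-terminal crypto settings in `current`
    against the approved `baseline`; return a list of (kind, detail)."""
    findings = []

    # 1. Admin accounts that were never approved (the incident added "gb").
    approved = {u.lower() for u in baseline["admins"]}
    for user in current["admins"]:
        if user.lower() not in approved:
            findings.append(("unexpected_admin", user))

    # 2. Per-terminal, per-coin settings that drifted from the baseline.
    for term_id, cur in sorted(current["terminals"].items()):
        base = baseline["terminals"].get(term_id)
        if base is None:
            findings.append(("unknown_terminal", term_id))
            continue
        for coin in sorted(set(base) | set(cur)):
            base_cfg, cur_cfg = base.get(coin, {}), cur.get(coin, {})
            for key in sorted(set(base_cfg) | set(cur_cfg)):
                if base_cfg.get(key) != cur_cfg.get(key):
                    findings.append(("setting_changed", f"{term_id}/{coin}/{key}"))
    return findings


# Constructed sample data (placeholder addresses, hypothetical field names).
BASELINE = {
    "admins": ["ops-admin"],
    "terminals": {
        "BT100001": {"BTC": {"wallet_address": "OPERATOR_WALLET_PLACEHOLDER",
                             "invalid_payment_address": None}},
    },
}
CURRENT = {
    "admins": ["ops-admin", "gb"],
    "terminals": {
        "BT100001": {"BTC": {"wallet_address": "UNKNOWN_WALLET_PLACEHOLDER",
                             "invalid_payment_address": "UNKNOWN_WALLET_PLACEHOLDER"}},
    },
}

if __name__ == "__main__":
    for kind, detail in audit_cas_snapshot(BASELINE, CURRENT):
        print(f"{kind}: {detail}")
```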

The firm also clarified that it had undergone “multiple security audits” in the last two years and never identified this problem. The assault occurred three days after the firm announced a “Help Ukraine” function on its ATMs.

General Bytes advised all its customers to update their software to the latest version as soon as possible. The company has also reset all customer passwords as a precautionary measure.

The hacking incident is not the first time hackers have targeted Bitcoin ATMs. In 2018, a group of attackers used a similar zero-day vulnerability to steal over $1 million worth of cryptocurrency from Lamassu Bitcoin ATMs.

Since then, several other attacks have been reported, with criminals using various methods to steal bitcoins from these machines. In some cases, the attackers physically damaged the machines to access the cryptocurrency stored inside.

With the price of Bitcoin reaching new all-time highs in recent weeks, we will likely see more attacks on Bitcoin ATMs. This underscores the need for users to be vigilant when using these machines and to use only machines from reputable manufacturers.
