On August 18, unknown attackers tampered with the cryptographic settings of General Bytes bitcoin ATMs, which allowed them to redirect cryptocurrency deposited through the devices to their own wallet. Company representatives confirmed the incident.
The General Bytes security advisory group said the attackers exploited a zero-day vulnerability to gain access to the company's cryptographic application server (CAS) and steal funds.
The CAS manages all ATM operations, including the purchase and sale of cryptocurrencies on exchanges.
According to experts, hackers “scanned open servers running on TCP ports 7777 or 443, including those hosted in the General Bytes cloud service.”
From there, the hackers added themselves to the CAS as a default administrator named gb. They then changed the "buy" and "sell" settings so that any cryptocurrency received by a bitcoin ATM would go to their wallet.
The attackers made a modification to software version 20201208 from August 18. General Bytes has urged customers to refrain from using their ATMs until fixes are released.
Users were also advised to change the settings of the server firewall to allow access to the CAS admin interface only from authorized IP addresses.
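The firewall advice above, sketched as an added example (not code from General Bytes or from the original article): a shell function that validates an allowlist and emits `iptables-restore` rules admitting only those sources to TCP ports 7777 and 443, the ports named in the scan description. The function names are hypothetical and the addresses are constructed values from documentation ranges.

```shell
#!/bin/sh
# Added example: restrict the CAS admin ports to an allowlist of source IPs.
# Ports are the ones named in the article; everything else is an assumption.
CAS_ADMIN_PORTS="7777,443"

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$addr.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print a filter-table fragment for iptables-restore.
# Refuses to print anything if any allowlist entry is malformed, so a typo
# cannot silently produce a ruleset that locks out or admits the wrong host.
gen_cas_admin_rules() {
    [ $# -gt 0 ] || { echo "no authorized addresses given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "rejected entry: $src" >&2; return 1; }
    done
    echo "*filter"
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src -m multiport --dports $CAS_ADMIN_PORTS -j ACCEPT"
    done
    # Everything not matched above is dropped on the admin ports.
    echo "-A INPUT -p tcp -m multiport --dports $CAS_ADMIN_PORTS -j DROP"
    echo "COMMIT"
}

# Constructed sample: one admin workstation and one office subnet.
gen_cas_admin_rules 203.0.113.10 198.51.100.0/24
```

The output can be reviewed and then loaded with `iptables-restore --noflush` so that existing rules in the table are kept.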
General Bytes added that earlier security checks did not reveal this vulnerability.
The company did not specify the number of compromised ATMs, the amount of stolen cryptocurrencies and the number of potential victims.
General Bytes owns and operates 8827 Bitcoin ATMs in more than 120 countries. The company is headquartered in Prague, Czech Republic. ATM customers can buy or sell more than 40 coins.
Recall that in November 2021, the FBI recorded an increase in fraud using cryptocurrency ATMs. According to US law enforcement officials, attackers look for victims via the Internet and, under various pretexts, demand that they transfer funds through a cryptocurrency ATM using a QR code linked to the attackers' wallet.