Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

Hackers stole crypto from consumers by exploiting a zero-day vulnerability in General Bytes Bitcoin ATM servers.
Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

A group of unknown hackers recently stole BTC from multiple clients by exploiting a zero-day weakness in the General Bytes Bitcoin ATM servers. When users use these ATMs to buy or deposit Bitcoin, the zero-day vulnerability allows hackers to reroute the funds into their own accounts.

General Bytes is a leading maker of cryptocurrency ATMs. They currently have approximately 9,000 crypto ATMs installed throughout the world, allowing customers to buy, trade, or deposit over 40 different cryptocurrencies.

A remote Crypto Application Server (CAS) controls these ATM devices. All device activities are managed directly by the servers, including the real-time processing of cryptocurrency purchases and sell.

Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

On August 18, the General Bytes security advisory board issued a memo explaining the details of this zero-day exploit. The attacker was allegedly able to remotely create an admin user account via the CAS admin panel. They accomplished this by initiating a URL call on the server’s default installation page, which employees access when they create their first admin account.

This vulnerability has been present in the CAS software from its prior iteration, according to the advisory report. According to the General Bytes team, hackers scanned the web for unprotected servers running on TCP ports 443 or 7777. These ports are used by all servers hosted by General Bytes and Digital Oceans.

Hackers were able to alter the ‘buy’ and ‘sell’ settings on the ATM servers and direct funds to an external wallet after creating the bogus admin account.

General Bytes has warned its customers not to use their Bitcoin ATMs until they applied two updated server patches. There are currently eighteen General Bytes servers that are exposed to the open web, which might be vulnerable to a zero-day exploit. The majority of these exposed servers are located in Canada. They have also provided a checklist of steps that users must follow when using their services.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Harold

CoinCu News

Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

Hackers stole crypto from consumers by exploiting a zero-day vulnerability in General Bytes Bitcoin ATM servers.
Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

A group of unknown hackers recently stole BTC from multiple clients by exploiting a zero-day weakness in the General Bytes Bitcoin ATM servers. When users use these ATMs to buy or deposit Bitcoin, the zero-day vulnerability allows hackers to reroute the funds into their own accounts.

General Bytes is a leading maker of cryptocurrency ATMs. They currently have approximately 9,000 crypto ATMs installed throughout the world, allowing customers to buy, trade, or deposit over 40 different cryptocurrencies.

A remote Crypto Application Server (CAS) controls these ATM devices. All device activities are managed directly by the servers, including the real-time processing of cryptocurrency purchases and sell.

Hackers Steal Crypto From Bitcoin ATM By Exploiting The Zero-Day Bug

On August 18, the General Bytes security advisory board issued a memo explaining the details of this zero-day exploit. The attacker was allegedly able to remotely create an admin user account via the CAS admin panel. They accomplished this by initiating a URL call on the server’s default installation page, which employees access when they create their first admin account.

This vulnerability has been present in the CAS software from its prior iteration, according to the advisory report. According to the General Bytes team, hackers scanned the web for unprotected servers running on TCP ports 443 or 7777. These ports are used by all servers hosted by General Bytes and Digital Oceans.

Hackers were able to alter the ‘buy’ and ‘sell’ settings on the ATM servers and direct funds to an external wallet after creating the bogus admin account.

General Bytes has warned its customers not to use their Bitcoin ATMs until they applied two updated server patches. There are currently eighteen General Bytes servers that are exposed to the open web, which might be vulnerable to a zero-day exploit. The majority of these exposed servers are located in Canada. They have also provided a checklist of steps that users must follow when using their services.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Harold

CoinCu News