
Hackers are targeting Bitcoin ATMs through zero-day attacks

In this post:

  • Several General Bytes crypto ATMs were hacked through zero-day exploits.
  • Threat actors are redirecting customer deposits and sales to their external wallets.
  • General Bytes is advising users not to use their ATMs until the latest server patches are released.

As if the world of cryptocurrency didn't already have enough to worry about, hackers are now targeting Bitcoin ATMs to withdraw large amounts of BTC.

Recently, a group of anonymous hackers exploited a zero-day bug in the General Bytes Bitcoin ATM servers to steal BTC from several customers. When customers purchase or deposit bitcoin through these ATMs, the zero-day vulnerability allows the hackers to divert the funds into their own wallets.

General Bytes is one of the largest manufacturers of cryptocurrency ATMs. Currently, it has nearly nine thousand crypto ATMs installed all over the world, allowing people to purchase, sell, or deposit over 40 different cryptocurrencies. These ATMs are controlled by a remote Crypto Application Server (CAS). The servers directly manage all operations of the devices, including the real-time processing of cryptocurrency purchases and sales.

A General Bytes ATM machine

How are hackers targeting the Bitcoin ATMs?  

The General Bytes security advisory board published a memo on August 18th outlining the aspects of this zero-day exploit. The attacker was apparently able to create an admin user account remotely via the CAS admin panel. They achieved this by calling a URL on the default installation page of the server, the page employees access when they create their first admin account.

According to the advisory report, this vulnerability has been present in the CAS software since its previous version. The General Bytes team believes that the hackers scanned the web for exposed servers running on TCP ports 443 or 7777. All servers hosted at General Bytes and DigitalOcean run on these ports.

Once they had created the fake admin account, the hackers were able to modify the 'buy' and 'sell' settings on the ATM servers and direct payments to an external wallet.
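For operators, the two changes described above (an unexpected admin account and altered buy/sell wallet settings) can be checked by comparing the server's current state against a known-good baseline. The following is an added example, not code from General Bytes or from the advisory; the JSON layout, field names, account names and wallet strings are all hypothetical and constructed for illustration.

```python
# Added example: audit a server-state export for the two changes the article describes.
# The JSON layout and every field name are hypothetical, not the real CAS schema.
import json

# Constructed sample data (not real accounts or wallet addresses).
BASELINE = json.loads("""{
  "admins": ["ops-alice", "ops-bob"],
  "wallets": {"BTC": {"buy": "WALLET-OPERATOR-BTC-1", "sell": "WALLET-OPERATOR-BTC-1"},
              "LTC": {"buy": "WALLET-OPERATOR-LTC-1", "sell": "WALLET-OPERATOR-LTC-1"}}
}""")
CURRENT = json.loads("""{
  "admins": ["ops-alice", "ops-bob", "admin2"],
  "wallets": {"BTC": {"buy": "WALLET-UNKNOWN-X", "sell": "WALLET-UNKNOWN-X"},
              "LTC": {"buy": "WALLET-OPERATOR-LTC-1", "sell": "WALLET-OPERATOR-LTC-1"}}
}""")


def audit(baseline, current):
    """Return (severity, message) findings for admin and wallet drift."""
    findings = []
    approved = set(baseline["admins"])
    present = set(current["admins"])
    # An admin account that is not in the approved baseline is the first indicator.
    for user in sorted(present - approved):
        findings.append(("HIGH", f"unapproved admin account: {user}"))
    # A removed admin may mean an operator was locked out.
    for user in sorted(approved - present):
        findings.append(("MEDIUM", f"approved admin missing: {user}"))
    # Any change to a buy or sell destination wallet is the second indicator.
    for coin in sorted(set(baseline["wallets"]) | set(current["wallets"])):
        old = baseline["wallets"].get(coin, {})
        new = current["wallets"].get(coin, {})
        for direction in ("buy", "sell"):
            if old.get(direction) != new.get(direction):
                findings.append(("HIGH", f"{coin} {direction} wallet changed: "
                                 f"{old.get(direction)} -> {new.get(direction)}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(BASELINE, CURRENT):
        print(f"[{severity}] {message}")
```

The baseline should be stored off the server being audited, so that an attacker with admin access cannot rewrite it along with the live settings.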

General Bytes has warned its customers not to use their Bitcoin ATMs until they have applied two updated server patches. There are currently eighteen General Bytes servers that are exposed to the open web, which might be vulnerable to a zero-day exploit. The majority of these exposed servers are located in Canada. General Bytes has also provided a checklist of steps that users must follow when using its services.

Crypto hacks have soared in recent months, with over $3.2 billion being lost to such incidents in 2021. The figure is already worse this year, so users must exercise caution when using any crypto or DeFi services. It's also critically important that every crypto trader or user stays up to date with the latest information on the services they use.
