Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability

Products You May Like

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users.

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user,” the company said in an advisory last week. “This vulnerability has been present in CAS software since version 2020-12-08.”

CyberSecurity

It’s not immediately clear how many servers were breached using this flaw and how much cryptocurrency was stolen.

CAS is short for Crypto Application Server, a self-hosted product from General Bytes that enables companies to manage Bitcoin ATM (BATM) machines from a central location via a web browser on a desktop or a mobile device.

The zero-day flaw, which concerned a bug in the CAS admin interface, has been mitigated in two server patch releases, 20220531.38 and 20220725.22.

General Bytes said the unnamed threat actor identified running CAS services on ports 7777 or 443 by scanning the DigitalOcean cloud hosting IP address space, followed by abusing the flaw to add a new default admin user named “gb” to the CAS.

“The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting,” it said. “Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to [the] ATM.”

CyberSecurity

In other words, the goal of the attack was to modify the settings in such a manner that all funds would be transferred to a digital wallet address under the adversary’s control.

The company also emphasized that it had conducted “multiple security audits” since 2020 and that this shortcoming was never identified, adding the attack occurred three days after it publicly announced a “Help Ukraine” feature on its ATMs.

Cyber Security

Products You May Like

Articles You May Like

Tecno Pop 6 Pro With 5,000mAh Battery, 6.6-Inch Display Launched in India: Price, Specifications, Offers
Celsius CEO resigns in the middle of bankruptcy proceedings
Ten Things Elon Musk’s Texts Reveal About the Twitter Deal
Apple stock dips on report the company is bailing on plans to boost new iPhone production
Elon Musk shows off humanoid robot prototype at Tesla AI Day

Leave a Reply

Your email address will not be published.