
Bitcoin ATMs targeted by hackers through zero-day vulnerability

Cryptocurrency ATM manufacturer General Bytes has come under attack by anonymous hackers exploiting a zero-day vulnerability. The attack was conducted through its CAS, the Crypto Application Server. Bleeping Computer was first notified of this by a General Bytes customer.

These ATMs are cloud hosted by CAS. CAS is responsible for managing the supported cryptocurrencies and for executing their sales and purchases. General Bytes ATMs currently support over 40 cryptocurrencies.

A zero-day is a computer bug that exists without the prior knowledge of the vendor or software developers. Since its existence becomes known only after an attack on the system, the system remains prone to attacks until a patch is ready.

According to the General Bytes advisory, the attackers apparently created an admin ID remotely on the CAS admin portal. They did so through a URL call to the default installation page, which is meant for creating the first administrative user. This vulnerability has been present since the previous version of CAS.

The attackers are believed to have scanned for exposed servers on TCP ports 443 or 7777, the ports used for General Bytes and Digital Ocean servers. After creating the fake account under the name ‘gb’, the hackers modified the ‘buy’ and ‘sell’ settings and diverted funds to accounts under their control with each transaction. The amount of cryptocurrency stolen is unknown.

Warnings have been issued by General Bytes to not use ATMs until patches are installed on the servers. Currently, 18 such exposed servers are present, the majority of them in Canada. A checklist of steps has also been provided to follow before using the services.
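The attack as described leaves three traces an operator can look for: a call to the first-admin installation page on a server that is already set up, an unfamiliar administrator such as ‘gb’, and changed ‘buy’/‘sell’ settings. The Python below is an added example, not General Bytes code; the setup path, log format, setting names and all sample data are constructed placeholders.

```python
import re
from datetime import datetime, timezone

# Assumption: placeholder path; the article does not give the real installation-page URL.
SETUP_PATH = "/PLACEHOLDER/first-admin-setup"
# Assumption: the reverse proxy in front of the server writes common/combined log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def setup_page_hits(log_lines, provisioned_at, setup_path=SETUP_PATH):
    """Return (timestamp, ip, status) for setup-page requests made after provisioning."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0].rstrip("/")  # ignore query string, trailing slash
        if path == setup_path and ts > provisioned_at:
            hits.append((ts, m["ip"], int(m["status"])))
    return hits

def unexpected_admins(admins, approved):
    """Admin account names that are not on the operator's approved list."""
    ok = {a.lower() for a in approved}
    return sorted(a for a in admins if a.lower() not in ok)

def settings_drift(baseline, current):
    """Settings whose value differs from the known-good baseline: {key: (old, new)}."""
    keys = baseline.keys() | current.keys()
    return {k: (baseline.get(k), current.get(k)) for k in keys if baseline.get(k) != current.get(k)}

# Constructed sample data (documentation IP ranges, made-up dates and values).
PROVISIONED_AT = datetime(2020, 3, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2020:09:00:00 +0000] "GET /PLACEHOLDER/first-admin-setup HTTP/1.1" 200 512',
    '192.0.2.10 - - [02/Mar/2020:10:00:00 +0000] "GET /dashboard HTTP/1.1" 200 900',
    '203.0.113.77 - - [18/Aug/2020:03:12:45 +0000] "POST /PLACEHOLDER/first-admin-setup?x=1 HTTP/1.1" 200 64',
]
SAMPLE_ADMINS = ["operator", "gb"]
APPROVED_ADMINS = ["operator"]
BASELINE = {"buy_wallet": "addr-operator-1", "sell_wallet": "addr-operator-2"}
CURRENT = {"buy_wallet": "addr-operator-1", "sell_wallet": "addr-unknown-9"}

if __name__ == "__main__":
    print(setup_page_hits(SAMPLE_LOG, PROVISIONED_AT))
    print(unexpected_admins(SAMPLE_ADMINS, APPROVED_ADMINS))
    print(settings_drift(BASELINE, CURRENT))
```

Any setup-page request answered with a success status after the provisioning time deserves investigation, as does any administrator or setting change that cannot be tied to an approved action.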
