Hackers exploit a bug on Bitcoin ATMs!
After the recent hack on the Solana blockchain, a new player in the crypto ecosystem has been hit. General Bytes, a company that seeks to democratize the purchase and sale of Bitcoin through physical terminals, saw its servers compromised at the end of last week.
Hackers take advantage of a zero-day bug!
This Thursday, the servers of the Bitcoin ATM maker General Bytes were hit by a so-called “zero-day” attack, one that would have allowed hackers to grant themselves the administrator role. With this role in hand, the hacker(s) would have used it to redirect all deposits to the address of their own wallet.
In a press release, the company reveals that the vulnerability has been present since the protocol update by the hacker last Thursday.
Good to know: A zero-day bug refers to a previously unknown vulnerability, meaning the vendor is not aware of it and has no patch available. As a result, zero-day attacks are often successful for hackers.
For now, the company has not revealed the total amount stolen or the number of terminals compromised by this hack. In the meantime, General Bytes is already working with ATM operators so that the terminals are updated as soon as possible.
The company has also expressly asked its customers not to use the terminals until the update has been applied, in particular customers running the software version dated May 31, 2022. Customers have also been advised to modify their firewall settings so that the administration interface is only reachable from one or more previously authorized IP addresses.
Recall that the company operates nearly 9,000 ATMs. General Bytes, headquartered in Prague, is present in more than 120 countries around the world. The terminals offered by the company allow end customers to interact with more than 60 different crypto projects, including the main ones such as Bitcoin, Litecoin, and Ethereum.
How did the hackers proceed?
On the platform's blog, the General Bytes security team details how the hackers managed to carry out this attack. The hack was made possible once the company's Crypto Application Server (CAS) had been accessed.
The CAS is the server that manages the protocols around ATM operations, including the purchase, sale, or exchange of digital assets and even the types of tokens supported.
Although the investigation into this hack is not yet complete, the security teams believe that the hackers scanned for servers listening on one or more TCP ports, including servers hosted on the company's cloud service. It is through this maneuver that they would have succeeded in assigning themselves the default administrator role.
To complete the theft, all that remained was to modify the purchase and sale parameters so that each transaction passing through the physical ATM was transferred to the wallet address of the hacker(s).
As the communication from the platform explains:
"The hacker was able to create an administrator user remotely through the CAS administration interface via a URL call to the page which is used for the default installation on the server and the creation of the first administration user."
General Bytes specifies that several security audits had been carried out since its creation in 2020. But none of them had been able to identify this vulnerability.
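The two defensive points in the article (the administration interface should be reachable only from authorized addresses, and the page used for the default installation and creation of the first administrator should not remain callable) can be modelled in a few lines. The following is an added illustration, not General Bytes' code: the URL path, the allowlist and the access-log lines are all constructed placeholders, and the CAS is represented by a minimal state object rather than the real server. It shows the flawed pattern (an installation page that creates an administrator on every call) beside a hardened version, plus a log check an operator could run to spot successful hits on such a page from outside the allowlist.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Hypothetical path for the page that creates the first administrator
# (placeholder; the real CAS URL is not given in the article).
FIRST_ADMIN_PATH = "/PLACEHOLDER/first-admin"

# Operator-chosen allowlist for the administration interface
# (constructed; uses the RFC 5737 documentation range).
ADMIN_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Request:
    path: str
    client_ip: str
    params: dict


@dataclass
class CasState:
    admins: set = field(default_factory=set)  # usernames only; credential storage is out of scope
    setup_completed: bool = False


def vulnerable_first_admin(state: CasState, req: Request):
    """Models the flaw described in the article: the installation page creates
    an administrator on every call, with no check that setup already happened
    and no restriction on which addresses may reach it."""
    state.admins.add(req.params["user"])
    return 200, "administrator created"


def ip_allowed(client_ip: str, allowlist=ADMIN_ALLOWLIST) -> bool:
    """Source-address allowlist check, the firewall-level mitigation the vendor advised."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowlist)


def hardened_first_admin(state: CasState, req: Request):
    """Hardened form: reject addresses outside the allowlist, then refuse once any
    administrator exists so the bootstrap page is single-use."""
    if not ip_allowed(req.client_ip):
        return 403, "administration interface not reachable from this address"
    if state.setup_completed or state.admins:
        return 409, "initial setup already completed"
    state.admins.add(req.params["user"])
    state.setup_completed = True
    return 201, "first administrator created"


# Constructed access-log lines in Combined Log Format (not real CAS logs).
SAMPLE_LOG = """\
203.0.113.10 - - [18/Aug/2022:09:00:01 +0000] "GET /PLACEHOLDER/first-admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Aug/2022:03:14:07 +0000] "POST /PLACEHOLDER/first-admin HTTP/1.1" 200 128 "-" "python-requests/2.28"
198.51.100.7 - - [18/Aug/2022:03:14:09 +0000] "POST /PLACEHOLDER/admin/settings HTTP/1.1" 302 0 "-" "python-requests/2.28"
203.0.113.10 - - [18/Aug/2022:09:05:00 +0000] "GET /PLACEHOLDER/admin/dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_setup_hits(log_text, setup_path=FIRST_ADMIN_PATH, allowlist=ADMIN_ALLOWLIST):
    """Return (ip, timestamp, method) for every successful (2xx) request to the
    first-administrator page coming from an address outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"] != setup_path:
            continue
        if not m["status"].startswith("2"):
            continue
        if ip_allowed(m["ip"], allowlist):
            continue
        hits.append((m["ip"], m["ts"], m["method"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_setup_hits(SAMPLE_LOG):
        print("suspicious first-admin creation:", hit)
```

The allowlist check runs before the setup-state check so that an unauthorized address learns nothing about whether installation has completed; in a real deployment the same allowlist would also be enforced at the firewall, as the vendor advised, rather than only in application code.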