Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers.

General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM’s operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.

Yesterday, BleepingComputer was contacted by a General Bytes customer who told us that hackers were stealing bitcoin from their ATMs. According to a General Bytes security advisory published on August 18th, the attacks were conducted using a zero-day vulnerability in the company’s Crypto Application Server (CAS).

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user,” reads the General Bytes advisory. “This vulnerability has been present in CAS software since version 20201208.”

Full story: Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug.

OODA Analyst
