Hackers exploit zero-day vulnerability to steal crypto from Bitcoin ATMs

Share post:

Hackers have exploited a zero-day vulnerability in General Byte Bitcoin ATM to steal cryptocurrencies from users. The zero-day flaw exploited by the attacker was found in company’s Crypto Application Server (CAS).

According to General Byte, the attackers scanned the internet for exposed servers running on TCP ports 7777 or 443, including servers hosted by Digital Ocean and General Byte’s cloud service.

They were then able to exploit the bug by adding a default admin user named ‘gb’ to the CAS. They modified the crypto settings “buy” and “sell” and the “invalid payment address” to use a cryptocurrency wallet under the hacker’s control.

After changing the settings above, any cryptocurrency received by CAS was instead forwarded to the hackers.

General Byte has advised customers not to operate their Bitcoin ATMs until they have two server patch releases, 20220531.38 and 20220725.22, installed on their servers.

In addition, it is important to configure firewalls only to allow access to the Crypto Application Server from a tested IP address, such as addresses indicating the location of the ATM or the customer office.

Investigations from BinaryEdge shows that there are still 18 General Bytes Crypto Application Servers still vulnerable on the internet with most coming from Canada.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways