Hackers exploit zero-day vulnerability to steal crypto from Bitcoin ATMs

Share post:

Hackers have exploited a zero-day vulnerability in General Byte Bitcoin ATM to steal cryptocurrencies from users. The zero-day flaw exploited by the attacker was found in company’s Crypto Application Server (CAS).

According to General Byte, the attackers scanned the internet for exposed servers running on TCP ports 7777 or 443, including servers hosted by Digital Ocean and General Byte’s cloud service.

They were then able to exploit the bug by adding a default admin user named ‘gb’ to the CAS. They modified the crypto settings “buy” and “sell” and the “invalid payment address” to use a cryptocurrency wallet under the hacker’s control.

After changing the settings above, any cryptocurrency received by CAS was instead forwarded to the hackers.

General Byte has advised customers not to operate their Bitcoin ATMs until they have two server patch releases, 20220531.38 and 20220725.22, installed on their servers.

In addition, it is important to configure firewalls only to allow access to the Crypto Application Server from a tested IP address, such as addresses indicating the location of the ATM or the customer office.

Investigations from BinaryEdge shows that there are still 18 General Bytes Crypto Application Servers still vulnerable on the internet with most coming from Canada.

The sources for this piece include an article in BleepingComputer.


Related articles

London hospitals cancel over 800 operations after ransomware attack

NHS England disclosed today that a recent ransomware attack on Synnovis has led to the cancellation of hundreds...

Microsoft cancels universal Recall release in favor of Windows Insider preview

Microsoft has decided to cancel the wide release of Recall, the controversial tool for Copilot+ PCs, and instead...

Cyber Security Today, Week in Review for week ending Friday, June 14, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, June 14th,...

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways