23 August 2022

Malicious actors hacked Bitcoin ATMs using a zero-day vulnerability


Czech Republic-based Bitcoin ATM maker General Bytes has suffered a cybersecurity incident in which threat actors made off with cryptocurrency by exploiting a previously unknown vulnerability in General Bytes Bitcoin ATM servers.

The company revealed in a blog post that the intruders found running CAS services by scanning the Digital Ocean cloud hosting IP address space, and then exploited the zero-day vulnerability in the CAS administrative interface to create a default admin user.

The threat actors then modified the crypto settings of a number of two-way machines and inserted their own wallet addresses into the 'Invalid Payment Address' setting, so the BATMs started to forward coins to the attacker's wallet when customers sent invalid payments to BATMs.

The company also noted that the attacks against its ATMs began three days after the BATM manufacturer announced a “Help Ukraine” feature for its machines at the beginning of August.

According to General Bytes, the vulnerability has been present in CAS software since version 20201208, but the vendor has addressed it in two server patch releases, 20220531.38 and 20220725.22.

“We’ve concluded multiple security audits since 2020, and none of them identified this vulnerability,” the company added.

