General Bytes, a manufacturer of Bitcoin ATMs, has acknowledged that it was the victim of an attack that exploited a previously unknown (zero-day) software vulnerability to steal cryptocurrency from its customers.
The company stated in an advisory last week that “the attacker was able to remotely establish an admin user via CAS administrative interface via a URL call on the page that is used for the default installation on the server and generating the first administration user.” In other words, the page that creates the first administrator during installation stayed reachable without authentication afterwards. CAS has contained this vulnerability since version 2020-12-08.
The number of servers that were compromised and the amount of cryptocurrency stolen through this flaw are currently unknown.
CAS, or Crypto Application Server, is the self-hosted General Bytes system that lets operators manage their Bitcoin ATMs (BATMs) from a central location through a web browser on a desktop or mobile device.
General Bytes has addressed the vulnerability, a hole in the CAS admin interface, in two server patch releases, 20220531.38 and 20220725.22. Applying the patch closes the exposed page but does not undo changes an attacker has already made, so operators should also review the list of admin accounts on their CAS and the crypto settings of their two-way devices.
According to General Bytes, the as-yet unidentified attacker scanned the DigitalOcean cloud hosting IP address space for CAS services listening on port 7777 or 443. The attacker then exploited the vulnerability to create a new admin account named “gb” on each reachable CAS.
According to the statement, “the attacker updated the crypto settings of two-way devices with his wallet settings and the ‘invalid payment address’ option. When clients paid coins to [the] ATM, two-way ATMs started to forward coins to the attacker’s wallet.”
In other words, once the attacker held an admin account, the goal was to change the settings of two-way ATMs (machines that both sell and buy cryptocurrency) so that funds deposited by customers were forwarded to a wallet address under the attacker’s control.
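The following is an added illustration of the bug class described above, written for this page; it is not General Bytes’ code and does not reproduce the real CAS endpoint. It models an install-time “create the first administrator” page in its vulnerable form (callable again after installation by anyone, which is how the “gb” account was created) beside a single-use hardened form, plus a small audit helper of the kind an operator would run after patching. The path `SETUP_PATH`, the `Server` class and the handler names are assumptions; only the attacker’s username “gb” comes from the advisory.

```python
"""Added illustration (not General Bytes' code) of an install-time first-admin
page that stays reachable, unauthenticated, after installation.
SETUP_PATH, Server and the handler signatures are assumptions for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SETUP_PATH = "/setup/first-admin"   # assumed path; the real URL is not given in the advisory


@dataclass
class Server:
    """In-memory stand-in for the application server's user store and install state."""
    users: Dict[str, str] = field(default_factory=dict)   # username -> role
    installed: bool = False


def setup_vulnerable(server: Server, username: str) -> Tuple[int, str]:
    """Vulnerable pattern: the first-admin page never checks whether installation
    already happened, so any later unauthenticated request also creates an admin."""
    server.users[username] = "admin"
    server.installed = True
    return 200, f"admin {username} created"


def setup_hardened(server: Server, username: str) -> Tuple[int, str]:
    """Hardened pattern: the page is single-use. Once installation is complete or
    any admin exists, it behaves as if it did not exist."""
    if server.installed or "admin" in server.users.values():
        return 404, "not found"
    server.users[username] = "admin"
    server.installed = True
    return 200, f"admin {username} created"


def handle(server: Server, path: str, params: Dict[str, str], hardened: bool) -> Tuple[int, str]:
    """Minimal router modelling an unauthenticated URL call to the setup page."""
    if path != SETUP_PATH:
        return 404, "not found"
    fn = setup_hardened if hardened else setup_vulnerable
    return fn(server, params.get("username", ""))


def unexpected_admins(server: Server, expected: Set[str]) -> List[str]:
    """Audit helper for operators: admin accounts not in the expected set.
    Run against the user store after patching, since a patch does not remove
    accounts an attacker already created."""
    return sorted(u for u, r in server.users.items() if r == "admin" and u not in expected)


def simulate(hardened: bool) -> Tuple[int, List[str]]:
    """The operator installs the server, then an attacker calls the same page with
    username 'gb' (constructed scenario). Returns the attacker's HTTP status and the
    list of unexpected admins found afterwards."""
    srv = Server()
    status, _ = handle(srv, SETUP_PATH, {"username": "operator"}, hardened)
    assert status == 200
    attacker_status, _ = handle(srv, SETUP_PATH, {"username": "gb"}, hardened)
    return attacker_status, unexpected_admins(srv, {"operator"})


if __name__ == "__main__":
    print("vulnerable:", simulate(hardened=False))   # (200, ['gb'])
    print("hardened:  ", simulate(hardened=True))    # (404, [])
```

The hardened handler keys its refusal on server state (installation done or an admin already present) rather than on a secret in the request, so no credential can be guessed or replayed to reopen it; the audit helper exists because closing the page does nothing about an “gb” account that is already there.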
The company added that the attack took place three days after it publicly announced a “Help Ukraine” feature on its ATMs, and that the flaw had gone undetected despite “several security checks” carried out since 2020.