On August 18th, General Bytes, the world’s largest Bitcoin ATM manufacturer, discovered a security flaw: hackers had used a zero-day vulnerability to create an admin user account through the CAS admin panel, and Bitcoin was siphoned off as a result.
The attacks used a zero-day vulnerability in the company’s Crypto Application Server (CAS). The CAS manages how the ATM operates, which cryptos are supported, and how cryptocurrency purchases and sales are carried out on exchanges.
The amount of money stolen and the number of ATMs compromised has not been disclosed, but the company has urgently advised ATM operators to update their software.
General Bytes believes the attacker scanned the internet for exposed servers on TCP ports 7777 or 443, including servers hosted by DigitalOcean and General Bytes’ cloud service.
The bug was used to add a default admin user named ‘gb’ to the CAS and modify the ‘buy’ and ‘sell’ crypto settings and the ‘invalid payment address’ to use a crypto wallet controlled by the hacker.
“This vulnerability has been present in CAS software since version 20201208.”
Customers have been advised not to use their General Bytes ATM servers until they have updated them to patch release 20220725.22, or 20220531.38 for customers running on 20220531.
These attacks would not have been possible if the servers had only accepted connections from trusted IP addresses.
Customers have also been advised to modify their server firewall settings so that the CAS admin interface can only be accessed from authorized IP addresses.
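As an added illustration of that firewall advice (this is example code written for this page, not General Bytes’ configuration or anything from the advisory), the POSIX shell script below generates an nftables ruleset that restricts the two ports named above, TCP 443 and 7777, to an allowlist of trusted source addresses, logging and dropping everything else that reaches them. The table, set and chain names and the allowlist values are assumptions; each allowlist entry is validated as an IPv4 address or CIDR before it is written into the ruleset, so an untrusted value cannot smuggle extra nft syntax into the file.

```shell
#!/bin/sh
# Added example: build an nftables ruleset that limits the CAS admin ports
# (TCP 443 and 7777) to an allowlist of trusted source addresses. Anything
# else reaching those ports is logged and dropped; all other traffic is left
# to the host's existing policy. Table/set/chain names and allowlist values
# are assumptions, not General Bytes' own configuration.

# valid_ipv4_cidr ENTRY -> returns 0 if ENTRY is a dotted-quad IPv4 address
# with an optional /0-32 prefix, 1 otherwise. Characters outside [0-9./]
# are rejected outright so no nft syntax can be injected via an entry.
valid_ipv4_cidr() {
    entry=$1
    case $entry in
        ''|*[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    addr=${entry%%/*}
    prefix=${entry#*/}
    [ "$prefix" = "$entry" ] && prefix=32   # no "/" present: host address
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS
    IFS=.
    for octet in $addr; do
        if [ "$octet" -gt 255 ]; then
            IFS=$oldifs
            return 1
        fi
    done
    IFS=$oldifs
    return 0
}

# cas_admin_ruleset ENTRY... -> prints an nftables ruleset on stdout, or
# prints an error to stderr and returns 1 if the allowlist is empty or any
# entry is not a valid IPv4 address/CIDR. The allowlist must contain every
# address that legitimately needs these ports (operators' admin hosts, and
# the ATM terminals if they reach CAS on the same ports), otherwise loading
# the ruleset will cut them off.
cas_admin_ruleset() {
    if [ $# -eq 0 ]; then
        echo "cas_admin_ruleset: allowlist is empty" >&2
        return 1
    fi
    elements=
    for entry in "$@"; do
        if ! valid_ipv4_cidr "$entry"; then
            echo "cas_admin_ruleset: rejecting '$entry'" >&2
            return 1
        fi
        elements="${elements:+$elements, }$entry"
    done
    cat <<EOF
table inet cas_admin {
    set trusted_admins {
        type ipv4_addr
        flags interval
        elements = { $elements }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 443, 7777 } ip saddr @trusted_admins accept
        tcp dport { 443, 7777 } log prefix "cas-admin-denied: " drop
    }
}
EOF
}

# Usage with an assumed allowlist (RFC 5737 documentation addresses):
#   cas_admin_ruleset 203.0.113.0/24 198.51.100.7 > /etc/nftables.d/cas_admin.nft
#   nft -c -f /etc/nftables.d/cas_admin.nft   # syntax check before loading
#   nft -f /etc/nftables.d/cas_admin.nft
```

Because the chain keeps `policy accept` and only adds rules for the two ports, loading it cannot lock an operator out of SSH or other services; IPv6 sources hitting those ports fail closed, since `ip saddr` matches only IPv4 and the drop rule catches the rest. The `log prefix` line gives a kernel log entry for each denied attempt, which is a cheap way to see whether anyone is still scanning for the admin interface after the patch.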
General Bytes also reminded customers to check their ‘SELL Crypto Setting’ before reactivating the terminals.