General Bytes' ATM clients lose their funds due to security problems.
General Bytes, the world’s largest Bitcoin and cryptocurrency ATM manufacturer, has faced a zero-day vulnerability attack, which resulted in customers losing their funds.
According to a statement shared on August 19th, the hacker identified a security vulnerability in the “admin interface” of the company's Crypto Application Server (CAS). In the blog post, the team noted:
The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.
The Crypto Application Server is the most important part of managing ATMs. Through this system, admins control “the execution of buying and selling of crypto on exchanges and which coins are supported”.
Using the flaw in CAS, the hacker created a new admin user and changed the settings of two-way machines to point to the hacker's own wallet. As a result, when users started sending their coins to ATMs, the transferred coins went straight to the hacker.
The company did not disclose the amount of funds stolen or how many ATMs were affected by this hack. In total, the company owns 8827 Bitcoin ATMs across 120 countries. On top of that, Bitcoin ATMs support around 40 different cryptocurrencies.
After the hack, General Bytes instructed ATM operators to update the machine software. Meanwhile, customers are advised to avoid using General Bytes Bitcoin ATMs until the new updates are installed.
Customers are also asked to change their firewall settings so that only authorized IP addresses can make changes to the CAS system.
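The flaw described in the statement (a first-admin setup page that could still be called remotely) and the firewall advice above can be modelled in a few lines. This is an added illustration, not General Bytes code: the handler names, the in-memory admin set, the status codes and the allowlisted ranges are all assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

# Assumed operator allowlist (constructed; documentation/private ranges).
ADMIN_ALLOWLIST = [ip_network("192.0.2.0/28"), ip_network("10.0.0.0/8")]


def create_first_admin_unsafe(admins, src_ip, username):
    """Flawed pattern: the install-time page keeps working after setup."""
    admins.add(username)
    return 201


def create_first_admin_hardened(admins, src_ip, username):
    """Hardened pattern: source allowlist plus a one-time setup guard."""
    addr = ip_address(src_ip)
    if not any(addr in net for net in ADMIN_ALLOWLIST):
        return 403  # source address is not authorized for the admin interface
    if admins:
        return 409  # an admin already exists, so first-run setup is closed
    admins.add(username)
    return 201


def unexpected_admins(admins, expected):
    """Audit helper: admin accounts the operator did not create."""
    return sorted(set(admins) - set(expected))


def demo():
    """Run the same two requests against both handlers (constructed input)."""
    results = {}
    handlers = {"unsafe": create_first_admin_unsafe,
                "hardened": create_first_admin_hardened}
    for name, handler in handlers.items():
        admins = set()
        first = handler(admins, "192.0.2.5", "operator")   # legitimate install
        later = handler(admins, "203.0.113.9", "intruder")  # later remote call
        results[name] = (first, later, unexpected_admins(admins, ["operator"]))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The audit helper reflects the other half of the response: after an incident like this, operators need to compare the admin accounts on the server with the ones they created themselves.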
The General Bytes team notes that the vulnerabilities in the system have been present since version 20201208. This comes as a surprise, considering that General Bytes has conducted several security audits since 2020, none of which identified any issues.