Hackers are targeting Bitcoin ATMs through zero-day attacks

TL;DR Breakdown
  • Several General Bytes crypto ATMs were hacked through zero-day exploits.
  • Threat actors are redirecting customer deposits and sales to their external wallets.
  • General Bytes is advising users not to use their ATMs until the latest server patches are released.

As if the world of cryptocurrency didn’t already have enough to worry about, hackers are now targeting bitcoin ATMs to withdraw large amounts of BTC.

Recently, a group of anonymous hackers exploited a zero-day bug in the General Bytes Bitcoin ATM servers to steal BTC from several customers. When customers purchase or deposit bitcoin through these ATMs, the zero-day vulnerability allows the hackers to divert the funds into their own wallets.

General Bytes is one of the largest manufacturers of cryptocurrency ATMs. Currently, it has nearly nine thousand crypto ATMs installed all over the world, allowing people to purchase, sell, or deposit over 40 different cryptocurrencies. These ATMs are controlled by a remote Crypto Application Server (CAS). The servers directly manage all operations of the devices, including the real-time processing of cryptocurrency purchases and sales.

A General Bytes ATM machine

How are hackers targeting the Bitcoin ATMs?  

The General Bytes security advisory board published a memo on August 18th outlining the aspects of this zero-day exploit. The attacker was apparently able to create an admin user account remotely via the CAS admin panel. They achieved this by calling a URL on the default installation page of the server, the page employees use when they create their first admin account.

According to the advisory report, this vulnerability has been present in the CAS software since its previous version. The General Bytes team believes that hackers scanned the web for exposed servers running on TCP ports 443 or 7777. All servers hosted at General Bytes and DigitalOcean run on these ports.

Once they created the fake admin account, hackers were able to modify the ‘buy’ and ‘sell’ settings on the ATM servers and direct payments to an external wallet.
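
A baseline comparison that surfaces both changes described above, a new admin account and altered buy/sell wallet settings. This is an added example, not General Bytes code; the JSON snapshot layout, account names, terminal IDs and wallet labels are constructed assumptions.

```python
import json

# Constructed snapshots. The JSON layout is hypothetical (an operator's own
# export of admin users and per-terminal wallet settings), not the CAS schema.
BASELINE_JSON = """
{"admins": ["alice", "bob"],
 "terminals": {
   "BT100001": {"BTC": {"buy": "WALLET-OPERATOR-1", "sell": "WALLET-OPERATOR-1"}},
   "BT100002": {"BTC": {"buy": "WALLET-OPERATOR-1", "sell": "WALLET-OPERATOR-2"}}}}
"""
CURRENT_JSON = """
{"admins": ["alice", "bob", "admin2"],
 "terminals": {
   "BT100001": {"BTC": {"buy": "WALLET-UNKNOWN-9", "sell": "WALLET-UNKNOWN-9"}},
   "BT100002": {"BTC": {"buy": "WALLET-OPERATOR-1", "sell": "WALLET-OPERATOR-2"}}}}
"""


def wallet_settings(snapshot):
    """Flatten terminal -> coin -> direction into {(terminal, coin, direction): address}."""
    return {
        (terminal, coin, direction): address
        for terminal, coins in snapshot["terminals"].items()
        for coin, directions in coins.items()
        for direction, address in directions.items()
    }


def audit(baseline_json, current_json):
    """Return (kind, subject, detail) findings for drift from the trusted baseline."""
    base, cur = json.loads(baseline_json), json.loads(current_json)
    findings = []
    # Any admin account that is not in the baseline needs an explanation.
    for user in sorted(set(cur["admins"]) - set(base["admins"])):
        findings.append(("unexpected_admin", user, None))
    # Any buy/sell destination that differs from the baseline is reported,
    # including settings that were added or removed entirely.
    old, new = wallet_settings(base), wallet_settings(cur)
    for key in sorted(set(old) | set(new)):
        if old.get(key) != new.get(key):
            detail = f"{old.get(key)} -> {new.get(key)}"
            findings.append(("wallet_changed", "/".join(key), detail))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE_JSON, CURRENT_JSON):
        print(*finding)
```

The baseline has to be captured from a known-good state and stored off the server, since an attacker with admin access could otherwise rewrite it too.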

General Bytes has warned its customers not to use their Bitcoin ATMs until they have applied two updated server patches. There are currently eighteen General Bytes servers that are exposed to the open web, which might be vulnerable to a zero-day exploit. The majority of these exposed servers are located in Canada. General Bytes has also provided a checklist of steps that users must follow when using its services.

Crypto hacks have soared in recent months, with over $3.2 billion being lost to such incidents in 2021. The figure is already worse this year, so users must exercise caution when using any crypto or DeFi services. It’s also critically important that every crypto trader or user is always up to date with the latest information on the services they use.

Mohammad Shahid

An IT and Cybersecurity graduate with specialized knowledge of cryptocurrency and blockchain, Mohammad joins the Repo elite team. He has worked on several blockchain development projects and is an enthusiastic crypto trader.