The world’s largest Bitcoin ATM manufacturer, General Bytes, reported a security breach on August 18th. The hackers were able to compromise the company’s servers, redirecting crypto assets to their wallets.
They took advantage of a zero-day vulnerability in the company's Crypto Application Server (CAS). General Bytes' CAS manages the ATM operations, cryptocurrency purchases, and sales carried out on exchanges. The hackers exploited this by creating an admin user account through the CAS, which put those operations under their control.
The company believes the hackers scanned for exposed servers on TCP ports 7777 or 443, including servers hosted on General Bytes' cloud service. From there, the hackers could add themselves as default admins (named GB) on the CAS.
They then modified the buy and sell settings so that any crypto received by the Bitcoin ATM would be transferred to them.
In General Bytes' words:
"The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page used for the default installation on the server and creating the first administration user. This vulnerability has been present in CAS software since version 20201208."
Currently, the stolen amount and the number of compromised ATMs are unknown as General Bytes has yet to disclose the information.
General Bytes, which owns about 8,827 Bitcoin ATMs accessible in over 120 countries, has urged its customers to refrain from using their General Bytes ATM servers until they have updated the servers to patch release 20220725.22, or 20220531.38 for customers running on 20220531.
Users are also advised to modify their server firewall settings so that no unauthorized IP addresses can access the CAS admin interface. They should also review their "SELL Crypto" settings before reactivating the terminals, to ensure that the hackers did not modify the settings so that funds are transferred to them rather than to the customer.