Several Bitcoin ATMs belonging to General Bytes are affected by a zero-day vulnerability that is letting hackers siphon the cryptocurrencies deposited by users into them.
The attackers are targeting the Crypto Application Server (CAS), on which these Bitcoin ATMs run. The ATMs process funds in and out through a link to a cryptocurrency exchange. General Bytes is working on a patch and is warning people not to make any transactions until further notice.
Targeting the Glitched Bitcoin ATMs
A security bulletin from General Bytes shared on August 18th revealed that their Bitcoin ATMs are affected by a zero-day vulnerability that lets anyone exploiting it steal the funds deposited by customers.
The bulletin specifically locates the problem in the remote Crypto Application Server (CAS), which is used to manage cryptocurrency purchases and sales on exchanges and to add or delist coins for transactions.
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.”
Noting that the bug has been present in their CAS software since version 20201208, General Bytes says attackers may be scanning the internet for exposed servers running on TCP ports 7777 or 443, through which they can reach the vulnerable systems.
Once they find one, they create another admin account in the CAS so that they can modify the ‘buy’ and ‘sell’ crypto settings and the ‘invalid payment address’, replacing the customers’ wallet address with their own and receiving the cryptocurrencies whenever there’s a transaction.
General Bytes advises customers not to operate their Bitcoin ATMs until further notice while it works to patch the servers. It’s unclear how many servers were affected and how much cryptocurrency has been stolen so far.
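An operator checking for the changes described above could diff the server's current admin accounts and wallet settings against a trusted baseline. The sketch below is an added example, not General Bytes code: the snapshot layout, key names, account names and wallet strings are all hypothetical, constructed placeholders rather than the real CAS schema.

```python
import copy
from typing import NamedTuple

# Fields the article says the attackers changed. The key names and the snapshot
# layout are hypothetical, not the real CAS schema or export format.
WATCHED_SETTINGS = ("buy", "sell", "invalid_payment_address")

class Finding(NamedTuple):
    kind: str
    subject: str
    detail: str

def audit_snapshot(baseline: dict, current: dict) -> list:
    """Diff a current snapshot against a trusted baseline taken before exposure."""
    findings = []
    # Admin accounts absent from the baseline, including operators promoted to admin.
    trusted_admins = {u["name"].lower() for u in baseline["users"] if u["role"] == "admin"}
    for user in current["users"]:
        if user["role"] == "admin" and user["name"].lower() not in trusted_admins:
            findings.append(Finding("unexpected_admin", user["name"],
                                    "created " + user.get("created", "unknown")))
    # Wallet-related settings whose value differs from the baseline (or went missing).
    for key in WATCHED_SETTINGS:
        old = baseline["crypto_settings"].get(key)
        new = current["crypto_settings"].get(key)
        if old != new:
            findings.append(Finding("setting_changed", key, f"{old!r} -> {new!r}"))
    return findings

# Constructed sample data: placeholder account names, dates and wallet strings.
BASELINE = {
    "users": [
        {"name": "ops-admin", "role": "admin", "created": "2021-03-02"},
        {"name": "cashier1", "role": "operator", "created": "2021-05-10"},
    ],
    "crypto_settings": {
        "buy": "OPERATOR-WALLET-1",
        "sell": "OPERATOR-WALLET-2",
        "invalid_payment_address": "OPERATOR-WALLET-3",
    },
}
CURRENT = copy.deepcopy(BASELINE)
CURRENT["users"].append({"name": "svc-extra", "role": "admin", "created": "2022-08-17"})
CURRENT["crypto_settings"]["invalid_payment_address"] = "UNKNOWN-WALLET-9"

if __name__ == "__main__":
    for f in audit_snapshot(BASELINE, CURRENT):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

The baseline has to come from a backup or record made before the server was reachable from the internet; a snapshot taken afterwards may already contain the attacker's account and addresses.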