General Bytes Bitcoin ATMs Hacked via Zero-Day Attack
Hackers Used Zero-Day Vulnerability to Steal Cryptocurrency
Bitcoin ATM manufacturer General Bytes recently disclosed that its management platform was exploited by hackers, resulting in the theft of cryptocurrency from the company and its customers. The attackers used a zero-day vulnerability in the BATM management platform to steal funds from Bitcoin ATMs that allow users to buy or sell over 40 different cryptocurrencies.
According to General Bytes, the attackers remotely uploaded a Java application via the ATM’s master service interface and ran it with “batm” user privileges. This enabled them to perform several actions, including accessing the database, reading and decrypting API keys, sending funds from hot wallets, downloading user names and password hashes, and turning off 2FA.
On March 17-18th, 2023, GENERAL BYTES experienced a security incident.
We released a statement urging customers to take immediate action to protect their personal information.
We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR… https://t.co/g5FGqvqZQ7
— GENERAL BYTES (@generalbytes) March 18, 2023
The company has urged its customers to take immediate action and install the latest updates to protect their servers and funds from attackers. General Bytes also provided a list of cryptocurrency addresses used by the hacker during the attack, which shows that the attacker began stealing cryptocurrency from Bitcoin ATM servers on March 17th, with the attacker’s Bitcoin address receiving 56.28570959 BTC, worth approximately $1,589,000, and 21.79436191 Ethereum, worth roughly $39,000.
General Bytes to Shutter Cloud Service Due to Security Concerns
General Bytes has announced that it will shutter its cloud service, stating that it is “theoretically (and practically) impossible” to secure it from bad actors when it must simultaneously provide access to multiple operators. The company will provide support with data migration to those who would like to install their own standalone Crypto Application Server (CAS), which should now be placed behind a firewall and VPN.
To address the exploited vulnerability, General Bytes has released a CAS security fix delivered in two patches, 20221118.48 and 20230120.44. The company plans to have multiple companies conduct numerous security audits of its products in a short period to discover and fix other potential flaws before bad actors find them.
However, this is not the first time that General Bytes has faced security incidents. In August 2022, the company experienced a security breach where hackers exploited a zero-day vulnerability in its ATM servers to steal cryptocurrency from its customers. Additionally, researchers from the Kraken cryptocurrency exchange found multiple vulnerabilities in General Bytes’ ATMs in 2021, which the company quickly fixed.
Multiple security audits, but none of them found the exploited vulnerability
Although General Bytes has undergone multiple security audits since 2021, none of them identified the vulnerability exploited in this recent attack. General Bytes’ experience highlights the importance of regularly testing and auditing the security of any software or hardware used in financial transactions. It also underscores the importance of swift action and updates in the face of known or potential security threats.
To protect against such attacks, users of Bitcoin ATMs and other crypto services should remain vigilant, maintain strong passwords and use two-factor authentication whenever possible. They should also regularly update their software and hardware, implement firewalls and VPNs, and monitor their accounts for unusual activity.
Source: bleepingcomputer.com