General Bytes Bitcoin ATMs compromised by threat actors

Bitcoin ATMs compromised as hackers exploit a zero-day bug

John KumiBy John Kiguru edited by John Kiguru
Bitcoin BTC Hacker
Source: gualtiero boffi - shutterstock
All news is rigorously fact-checked and reviewed by leading blockchain experts and seasoned industry insiders.
  • Bitcoin ATM manufacturer General Bytes has asked all ATM operators to update their software after its server was compromised through a zero-day attack.
  • This attack comes almost a year after Kraken Security Labs disclosed the vulnerability of most Bitcoin ATMs as their default admin QR code has never been changed.

Bitcoin ATM manufacturer General Bytes has asked all ATM operators to update their software after its server was compromised through a zero-day attack. According to the company’s security advisory team, the threat actors hacked into its Crypto Application Server (CAS) and stole funds. 

The hackers scanned for exposed servers running on TCP ports 7777 or 443, including servers hosted on General Bytes’ cloud service.

It is important to note that the CAS controls its entire operation including the buying and selling of cryptos. After gaining control, the hackers modified the settings to add themselves as default administrators on the CAS, named gb. From there, the hackers compromised the buy and sell settings, to ensure that all assets sent to the ATMs are redirected to the wallet addresses controlled by them. They also reportedly made away with some funds.

The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.

Regardless of the information given, the company has not disclosed the amount stolen and the ATMs affected. 

Kraken Security Labs pointed out vulnerabilities in General Bytes

It is important to note that General Bytes own and operate over 8827 Bitcoin ATMs across 120 countries. Customers can as well access over 40 crypto assets on its various ATMs. As part of its effort to mitigate the impact, the company has advised customers to not use its ATM servers till they are updated to “patch releases 20220725.22, and 20220531.38 for customers running on 20220531.”

Customers are also reminded to review their “Sell Crypto Settings” before reactivating the terminals. This is to cross-check whether hackers modified their settings to redirect all received funds into their wallet addresses. To ensure that the CAS admin interface is only accessed from authorized IP addresses, customers have also been asked to modify their server firewall settings. In response to criticisms that the company did not invest enough in security audits to prevent this attack, it has stated that several audits have been conducted since 2020. 

This attack comes almost a year after Kraken Security Labs disclosed the vulnerability of most Bitcoin ATMs as their default admin QR code has never been changed. In the report, the security firm observed that General Bytes’ BATMTwo ATM range had several hardware and software vulnerabilities. According to Kraken, it is easier for hackers to compromise any ATM if they get access to the administrative code. In response, General Bytes reportedly informed ATM operators of the vulnerabilities.

Kraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions.

Share.
i

This article is for informational purposes only and does not constitute investment advice. Read full disclaimer

Breaking News

John Kumi

John Kumi

Follow

John is a seasoned cryptocurrency and blockchain writer and researcher, boasting an extensive track record of years immersed in the ever-evolving digital frontier. With a profound interest in the dynamic landscape of emerging startups, tokens, and the intricate interplay of demand and supply within the crypto realm, John brings a wealth of knowledge to the table. His academic background is marked by a Bachelor's degree in Geography and Economics, a unique blend that has equipped him with a multifaceted perspective. This diverse educational foundation allows John to dissect the geographical and economic factors influencing the cryptocurrency market, offering insights that go beyond the surface. John's dedication to the crypto and blockchain space is not merely professional but also personal, as he possesses a genuine passion for the technologies that underpin this revolutionary industry. With his astute research skills and commitment to staying at the forefront of industry trends, John is a trusted voice in the world of cryptocurrencies, helping readers navigate the complex and rapidly changing terrain of digital assets and blockchain innovation. John Kiguru is an accomplished editor with a strong affinity for all things blockchain and crypto. Leveraging his editorial expertise, he brings clarity and coherence to complex topics within the decentralized technology sphere. With a meticulous approach, John refines and enhances content, ensuring that each piece resonates with the audience. John earned his Bachelor's degree in Business, Management, Marketing, and Related Support Services from the University of Nairobi. His academic background enriches his ability to grasp and communicate intricate concepts within the blockchain and cryptocurrency space.
Full Profile