Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs

cointelegraph.com:

Bitcoin ATM manufacturer General Bytes had its servers compromised via a zero-day attack on Aug. 18, which enabled the hackers to make themselves the default admins and modify settings so that all funds would be transferred to their wallet address.

The amount of funds stolen and number of ATMs compromised has not been disclosed but the company has urgently advised ATM operators to update their software.

The hack was confirmed by General Bytes on Aug. 18, which owns and operates 8827 Bitcoin ATMs that are accessible in over 120 countries. The company is headquartered in Prague, Czech Republic, which is also where the ATMs are manufactured. ATM customers can buy or sell over 40 coins.

The vulnerability has been present since the hacker’s modifications updated the CAS software to version 20201208 on Aug. 18.

General Bytes has urged customers to refrain from using their General Bytes ATM servers until they update their server to patch release 20220725.22, and 20220531.38 for customers running on 20220531.

Customers have also been advised to modify their server firewall settings so that the CAS admin interface can only be accessed from authorized IP addresses, among other things.

Before reactivating the terminals, General Bytes also reminded customers to review their ‘SELL Crypto Setting’ to ensure that the hackers didn’t modify the settings such that any received funds would instead be transferred to them (and not the customers).

General Bytes stated that several security audits had been conducted since its inception in 2020, none of which identified this vulnerability.

General Bytes’ security advisory team stated in the blog that the hackers conducted a zero-day vulnerability attack to gain access to the company’s Crypto