General Bytes, the world’s top three manufactuer of cryptocurrency ATMs, has confirmed that its ATMs have been hacked using a zero-day vulnerability in server ports to steal cryptocurrencies from customers.
General Bytes operates over 8,000 Bitcoin ATMs in more than 120 countries and regions to allow people to buy or sell over 40 different cryptocurrencies.
The company claimed that hackers captured a zero-day vulnerability in the company’s crypto application server (CAS), allowing remote operations to gain administrator privileges, thereby modifying the recipient wallet address and allowing customers to obtain stolen money when buying and selling cryptocurrencies.
A zero-day, also known as a “0-day”, is followed by various situations such as “vulnerability, exploit, or attack” alongside zero-day, which refers to a vulnerability exploited by hackers that have not yet been patched in the original code.
According to the version update notes released by General Bytes on the 18th, explained that：
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page used for the default installation on the server and creating the first administration user.”
Hackers entered Digital Ocean’s cloud hosting server vulnerabilities by scanning TCP port 7777 or 433 on the network, creating a default administrator user named “gb” and adding it to the company’s own Crypto Applicate Server (CAS).
After that, the user can remotely tamper with the preset “buy”, “sell”, “invalid transaction address”, and other wallet positions on the ATM and wait for the trader to operate the ATM to transfer the cryptocurrency, which will then be transferred to the hacker wallet.
At present, the company has not disclosed the specific amount of stolen money and the number of stolen ATMs and patched server vulnerabilities promptly.
According to its security bulletin, the related vulnerability has been present in the CAS software since version 20201208.
Image source: Shutterstock