General Bytes, the third largest manufacturer of cryptocurrency ATMs worldwide, has confirmed that its ATMs were hacked through a zero-day vulnerability in its server software, allowing attackers to steal cryptocurrency from customers.
General Bytes has over 8,000 Bitcoin ATMs across more than 120 countries and territories to enable people to trade or buy over 40 cryptocurrencies.
According to the company, the hackers discovered a zero-day vulnerability in its Crypto Application Server (CAS). The flaw let a remote attacker gain administrator privileges and then change the wallet addresses that receive funds from customers' buy and sell transactions, diverting the money.
A zero-day, also written "0-day", is a term attached to words such as "vulnerability", "exploit" and "attack". It refers to a flaw in the original code that is exploited before the developer has had a chance to fix it.
According to the version update notes General Bytes released on the 18th:
“The attacker was capable of creating an admin user remotely via the CAS administration interface via a URL call to the page used for default installation on the server. Also, the attacker created the first administrator user.”
The hackers scanned Digital Ocean's cloud-hosting network for exposed servers on TCP ports 7777 and 433, then used the flaw to create a default administrator user called "gb" on the company's Crypto Application Server (CAS).
With that account, the attacker could remotely change the wallet addresses configured for the ATM's "buy", "sell" and other settings. Anyone then trading through the ATM unknowingly sent their cryptocurrency to the hacker's wallet.
The company has not disclosed how much money was stolen, how many ATMs were affected, or the details of the server vulnerability it patched.
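The flaw described above is a general pattern: a first-run installation page that stays reachable after setup and creates an administrator for any caller. The following added example (not code from General Bytes or the CAS product; all names, URLs and log lines are hypothetical and constructed) models that pattern, shows a hardened version of the same handler that refuses to create an administrator once one exists, and runs a simple detector over constructed web-server access-log lines to flag any request to the installation endpoint after setup was completed.

```python
import re
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical toy model of an admin service whose installation page creates
# the initial administrator. Endpoint names and log lines are constructed for
# illustration; they are not the real CAS code, URLs or logs.


@dataclass
class AdminStore:
    admins: dict = field(default_factory=dict)   # username -> role


def vulnerable_create_first_admin(store: AdminStore, username: str) -> bool:
    """Weak pattern: the installation page remains reachable after setup and
    creates an administrator for any caller, with no authentication at all."""
    store.admins[username] = "admin"
    return True


def hardened_create_first_admin(store: AdminStore, username: str,
                                install_token: str, presented_token: str,
                                remote_addr: str) -> bool:
    """Hardened pattern: refuse once any administrator exists, accept the
    request only from the loopback address, and require a one-time
    installation token compared in constant time."""
    if store.admins:                                   # setup already done
        return False
    if remote_addr not in ("127.0.0.1", "::1"):        # not a local operator
        return False
    if not secrets.compare_digest(install_token, presented_token):
        return False
    store.admins[username] = "admin"
    return True


# Constructed access-log lines in Apache combined style (not real CAS logs).
# The "gb" username mirrors the one reported in the incident.
ACCESS_LOG = """\
198.51.100.7 - - [10/Aug/2022:09:00:01 +0000] "GET /admin/login HTTP/1.1" 200 1043
203.0.113.5 - - [18/Aug/2022:03:12:44 +0000] "GET /install/create-admin?user=gb HTTP/1.1" 200 512
203.0.113.5 - - [18/Aug/2022:03:13:02 +0000] "POST /admin/wallets HTTP/1.1" 302 0
198.51.100.7 - - [18/Aug/2022:08:45:10 +0000] "GET /admin/dashboard HTTP/1.1" 200 7731
"""

# Assumed date on which the operator finished installing the server.
INSTALL_COMPLETED = datetime(2022, 8, 1, tzinfo=timezone.utc)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def post_install_setup_hits(log_text: str, install_done: datetime) -> list:
    """Return (ip, iso_timestamp, path) for every request to the installation
    endpoint that arrived after setup was completed. Such requests should
    never happen on a finished install and are a strong abuse signal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["path"].startswith("/install/") and ts > install_done:
            hits.append((m["ip"], ts.isoformat(), m["path"]))
    return hits


if __name__ == "__main__":
    for ip, when, path in post_install_setup_hits(ACCESS_LOG, INSTALL_COMPLETED):
        print(f"ALERT {when} {ip} hit installation endpoint {path}")
```

The hardened handler closes the hole in three independent ways: it becomes inert once the first administrator exists, it is not reachable from the network at all, and it demands a secret that only the person who ran the install possesses. The log check is the corresponding detection control: any request to the installation path after the install date is worth an alert, regardless of the response code.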
According to the security bulletin, this vulnerability was present in the CAS Software since version 20201208.