General Bytes’ Bitcoin ATMs targeted by hackers through a zero-day attack


Bitcoin automated teller machine (ATM) producer General Bytes had its servers compromised through a zero-day attack, which allowed hackers to make themselves default admins and change settings so that funds were transferred to their wallet addresses, as reported by Cointelegraph.

According to Cointelegraph, the total amount of stolen funds and the number of compromised ATMs have not been disclosed, but the company recommended that ATM operators update their software as a precautionary measure. The hack was confirmed by General Bytes, which owns and operates 8,827 Bitcoin ATMs that are accessible in more than 120 countries. The company is based in Prague, Czech Republic, where the ATMs are built, and ATM customers can trade in over 40 coins.

According to Cointelegraph, the vulnerability has been present since the hacker's modifications updated the CAS software to version 20201208. In an official statement, General Bytes asked customers to refrain from using their General Bytes ATM servers until they are updated to patch release 20220725.22, and 20220531.38 for users of 20220531. Customers were also advised to update their server firewall settings so that the CAS admin interface can be accessed only from authorised internet protocol (IP) addresses. General Bytes also asked customers to review their ‘SELL Crypto Setting’ to make sure that hackers had not modified any settings, for example so as to receive transferred funds. The company stated that it has conducted security audits since its beginning in 2020.

Moreover, Cointelegraph noted that General Bytes’ security advisory team said in a blog post that the hackers used a zero-day vulnerability attack to gain access to the company’s crypto application server (CAS) and extract funds. The company believes the hackers scanned for exposed servers running on TCP ports 7777 or 443, including servers on General Bytes’ own cloud service.
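One way an operator could check the firewall recommendation above, as an added example that is not code from General Bytes or Cointelegraph: the script audits an `iptables-save` dump for ACCEPT rules that open TCP port 7777 or 443 to sources outside an admin allowlist. It assumes a Linux host using IPv4 iptables; the rule dump and the allowlist are constructed sample values.

```python
import ipaddress

CAS_PORTS = {7777, 443}  # TCP ports the article says attackers scanned for

# Constructed sample of `iptables-save` output (documentation IP ranges).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 7777 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 22,7000:8000 -j ACCEPT
COMMIT
"""

def _ports(spec):
    """Expand an iptables port spec such as '443', '7000:8000' or '22,443'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        yield int(lo), int(hi or lo)

def exposed_rules(rules_text, allowed_cidrs):
    """Return INPUT ACCEPT rules that open a CAS port to a source outside allowed_cidrs.

    Only rules with an explicit --dport/--dports match are examined; chain
    policies and rules without a port match are not.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        opts = dict(zip(tok, tok[1:]))  # each option mapped to the token after it
        spec = opts.get("--dport") or opts.get("--dports")
        if not spec or not any(lo <= p <= hi
                               for lo, hi in _ports(spec) for p in CAS_PORTS):
            continue
        # A rule with no -s match accepts traffic from any source.
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        negated = "!" in tok  # a negated match cannot be shown to stay in the allowlist
        if negated or not any(a.version == src.version and src.subnet_of(a)
                              for a in allowed):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    for rule in exposed_rules(SAMPLE_RULES, ["203.0.113.0/24"]):
        print("exposed:", rule)
```

On a real host, feed the function the output of `iptables-save` and the operator's own list of authorised admin networks.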

(With insights from Cointelegraph)
