Hackers Attack General Bytes Bitcoin ATMs

On 18 August, unknown hackers breached the cryptographic configurations of General Bytes’ Bitcoin ATMs, with the incident подтвердили by company representatives.

The General Bytes Security Advisory Group said the attackers conducted a zero-day exploit to access the company’s cryptographic applications server (CAS) and steal funds.

The CAS server handles all ATM operations, including buying and selling cryptocurrencies on exchanges.

According to experts, the attackers scanned open servers listening on TCP ports 7777 or 443, including those hosted in General Bytes’ cloud service.

From there they added themselves as the default administrator in the CAS under the name gb. They then proceeded to alter the ‘buy’ and ‘sell’ settings so that any cryptocurrency deposited via the Bitcoin ATM would be directed to their wallet.

The intruders modified software version 20201208 dated 18 August.

General Bytes urged customers to refrain from using their ATMs until patches are released.

Users were also advised to adjust their server firewall settings to allow access to the CAS administrator interface only from authorised IP addresses.

General Bytes added that earlier security checks did not reveal this vulnerability.

The company did not specify the number of compromised ATMs, the amount of stolen cryptocurrency, or the number of potential victims.

General Bytes owns and operates 8827 Bitcoin ATMs in more than 120 countries. The company’s headquarters are in Prague, Czech Republic. ATM clients can buy or sell more than 40 coins.

In November 2021, the FBI recorded a rise in frauds involving cryptocurrency ATMs. According to US law enforcement, criminals search for victims online and, under various pretexts, require transfers through a cryptocurrency ATM by scanning a QR code linked to their wallet.

Follow ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.

Follow ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.