{"id":66122,"date":"2022-08-22T11:26:04","date_gmt":"2022-08-22T08:26:04","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=66122"},"modified":"2025-09-06T23:41:39","modified_gmt":"2025-09-06T20:41:39","slug":"hackers-attack-general-bytes-bitcoin-atms","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-attack-general-bytes-bitcoin-atms\/","title":{"rendered":"Hackers Attack General Bytes Bitcoin ATMs"},"content":{"rendered":"<p>On 18 August, unknown hackers breached the cryptographic configurations of General Bytes&#8217; Bitcoin ATMs, with the incident <a href=\"https:\/\/generalbytes.atlassian.net\/wiki\/spaces\/ESD\/pages\/2785509377\/Security+Incident+August+18th+2022\">confirmed<\/a> by company representatives.<\/p>\n<p>The General Bytes Security Advisory Group said the attackers used a zero-day exploit to access the company&#8217;s cryptographic applications server (CAS) and steal funds.<\/p>\n<p>The CAS server handles all ATM operations, including buying and selling cryptocurrencies on exchanges.<\/p>\n<p>According to experts, the attackers scanned open servers listening on TCP ports 7777 or 443, including those hosted in General Bytes&#8217; cloud service.<\/p>\n<p>From there they added themselves as the default administrator in the CAS under the name gb. 
They then proceeded to alter the &#8216;buy&#8217; and &#8216;sell&#8217; settings so that any cryptocurrency deposited via the Bitcoin ATM would be directed to their wallet.<\/p>\n<p>The intruders modified software version 20201208 dated 18 August.<\/p>\n<p>General Bytes urged customers to refrain from using their ATMs until patches are released.<\/p>\n<p>Users were also advised to adjust their server firewall settings to allow access to the CAS administrator interface only from authorised IP addresses.<\/p>\n<p>General Bytes added that earlier security checks did not reveal this vulnerability.<\/p>\n<p>The company did not specify the number of compromised ATMs, the amount of stolen cryptocurrency, or the number of potential victims.<\/p>\n<p>General Bytes owns and operates 8827 Bitcoin ATMs in more than 120 countries. The company&#8217;s headquarters are in Prague, Czech Republic. ATM clients can buy or sell more than 40 coins.<\/p>\n<p>In November 2021, the FBI recorded a rise in <a href=\"https:\/\/forklog.com\/en\/news\/rise-in-bitcoin-atm-fraud-in-the-united-states\">frauds<\/a> involving cryptocurrency ATMs. 
According to US law enforcement, criminals search for victims online and, under various pretexts, require transfers through a cryptocurrency ATM by scanning a QR code linked to their wallet.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news in our <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">Telegram<\/a> \u2014 cryptocurrency news, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers breached General Bytes&#8217; Bitcoin ATM settings, allowing cryptocurrency deposited through the devices to be redirected to their own wallet.<\/p>\n","protected":false},"author":1,"featured_media":66123,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1189],"class_list":["post-66122","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cryptomats"],"aioseo_notices":[],"amp_enabled":true,"views":"14","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=66122"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/p
osts\/66122\/revisions"}],"predecessor-version":[{"id":66124,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/66122\/revisions\/66124"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/66123"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=66122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=66122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=66122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}