A hacker stole crypto funds from customers making deposits at General Bytes Bitcoin ATM machines, according to an advisory published this week.
The hacker modified the crypto settings of two-way machines with his wallet settings and the invalid payment address setting, the company said in an advisory published Thursday. Bleeping Computer first covered the news.
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user,” the statement said.
The company published steps to take to implement a security fix published on its website. It said that in the multiple audits it has completed since 2020, it had not identified this vulnerability.
The attack happened on the third day after the company publicly announced a “Help Ukraine” feature on its ATMs, the advisory said.
The company didn’t specify how many people were affected by the hack or how much crypto was stolen. The firm was not immediately available to comment when reached.
© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
About Author
Catarina is a reporter for The Block based in New York City. Before joining the team, she covered local news at Patch.com and at the New York Daily News. She started her career in Lisbon, Portugal, where she worked for publications such as Público and Sábado. She graduated from NYU with a MA in Journalism. Feel free to email any comments or tips to [email protected] or to reach out on Twitter (@catarinalsm).
Source: https://www.theblock.co/post/164741/hacker-stole-from-clients-making-deposits-on-bitcoin-atms?utm_source=rss&utm_medium=rss