Hackers are targeting Bitcoin ATMs through zero-day attacks

If the world of cryptocurrency already didn’t have enough to worry about, hackers are now targeting bitcoin ATMs to withdraw large amounts of BTC. 

Recently, a group of anonymous hackers have exploited a zero-day bug in the General Bytes Bitcoin ATM servers to steal BTC from several customers. When the customers purchase or deposit bitcoin through these ATMs, the zero-day vulnerability allows hackers to divert the funds into their own wallets. 

General Bytes is one of the largest manufacturers of cryptocurrency ATMs. Currently, they have nearly nine thousand crypto ATMs installed all over the world, allowing people to purchase, sell, or deposit over 40 different cryptocurrencies. These ATM machines are controlled by a remote Crypto Application Server. The servers directly manage all operations of the devices, including the real-time processing of cryptocurrency purchases and sales. 

Bitcoin ATM
A General Bytes ATM machine

How are hackers targeting the Bitcoin ATMs?  

The General Bytes security advisory board published a memo on August 18th outlining the aspects of this zero-day exploit. The attacker was apparently able to create an admin user account remotely via the CAS admin panel. They achieved this by performing a URL call on the default installation page of the server, which is accessed by employees when they create their first admin account. 

According to the advisory report, this vulnerability has been present in the CAS software since its previous version. The General Bytes team believe that hackers scanned the web for exposed servers running on TCP ports 443 or 7777. All servers hosted at General Bytes and Digital Oceans run on these ports. 

Once they created the fake admin account, hackers were able to modify the ‘buy’ and ‘sell’ setting on the ATM servers, and direct payments to an external wallet. 

General Bytes has warned its customers not to use their Bitcoin ATMs until they applied two updated server patches. There are currently eighteen General Bytes servers that are exposed to the open web, which might be vulnerable to a zero-day exploit. The majority of these exposed servers are located in Canada. They have also provided a checklist of steps that users must follow when using their services. 

Crypto hacks have soared in recent months, with over $3.2 billion being lost to such incidents in 2021. The figure is already worse this year, so users must take caution when using any crypto or DeFi services. It’s also critically important that every crypto trader or user is always up to date with the latest information on the services they use. 

Source: https://www.cryptopolitan.com/hackers-are-targeting-bitcoin-atm/