Hackers Attacked General Bytes Bitcoin ATMs

On August 18, unknown hackers hacked the cryptographic settings of General Bytes Bitcoin ATMs, usingthat they were able to transfer the cryptocurrencies deposited through the devices to their wallet. The incident was confirmed by company representatives.

General Bytes Advisory Group onsecurity said hackers carried out a zero-day attack to gain access to the company's cryptographic application server (CAS) and steal funds.

The CAS server manages all ATM operations, including buying and selling cryptocurrencies on exchanges.

According to experts, the hackers "scanned open servers running on TCP ports 7777 or 443, including those hosted in the General Bytes cloud service."

From there, the hackers added themselves asdefault administrator in CAS named gb. They then proceeded to change the “buy” and “sell” settings so that any cryptocurrencies received by the Bitcoin ATM would go to their wallet.

The attackers made a modification to software version 20201208 dated August 18. General Bytes has urged customers to refrain from using their ATMs until a fix is ​​released.

Users were also advised to change the server firewall settings to allow access to the CAS admin interface only from authorized IP addresses.

General Bytes added that previous security checks did not reveal this vulnerability.

The company did not specify the number of compromised ATMs, the amount of stolen cryptocurrencies and the number of potential victims.

General Bytes owns and operates 8,827 bitcoin ATMs in over 120 countries. The company headquarters is located in Prague, Czech Republic. ATM customers can buy or sell more than 40 coins.

Recall that in November 2021, the FBI recordedan increase in fraud using cryptocurrency ATMs. According to US law enforcement officers, attackers are looking for victims via the Internet and, under various pretexts, demand to transfer funds through a cryptocurrency ATM using a QR code linked to their wallet.