General Bytes Bitcoin ATM attacked

The server of a popular Bitcoin ATM maker, General Bytes, has been attacked. The firm confirmed the incident in its blog post. The attackers posed as default admins and altered the settings to transfer all the funds to their wallet addresses.

As of press time, General Bytes is yet to publicly disclose the number of funds stolen or the number of Bitcoin ATMs impacted by the exploitation. However, the firm advised other ATM operators to update their software immediately.  

According to information published by the company, a security bug was identified by the hacker in the CAS admin interface. The attackers scanned the cloud hosting provider Digital Ocean’s IP address space and took advantage of the exposure to identify running CAS services on ports 7777 or 443. Also, the hackers allegedly created a new default admin user, organization, and terminal afterward.

The hacker renamed the default admin user “gb” after scanning the CAS interface. The crypto setting of the two-way machine was altered through the wallet settings. As a result of this, funds sent into the ATMs by customers were delivered into the hacker’s wallet through two-way Bitcoin ATMs.

In addition, a URL call on the page used for default installation and creating the first administration user on the server was wielded by the hacker to create an admin user. General Bytes has, however, claimed that the database was not accessed despite the violation. According to the company, all passwords, password hashes, salts, API keys, and private keys are intact.

The company wants users to check their “SELL crypto Setting” to ensure it is not tampered with by hackers. According to the firm, multiple security audits had been carried out since it was established, but none detected the vulnerability. This attack is coming a few days after the firm publicly announced a “Help Ukraine” outline on its ATMs.

The firm urged its customers operating 20220531 to stop using their General Bytes ATM servers. They are advised to upgrade their server to patch releases 20220725.22 and 20220531.38. Furthermore, users are advised to change their server firewall settings so that the CAS admin interface can be accessed through only licensed IP addresses.

Despite the prevailing market conditions, General Bytes has continued to expand its Bitcoin ATM services across the board. Today, it owns and operates over 8827 Bitcoin ATMs in over 120 nations. The firm paves the way for users to trade over 40 crypto cryptocurrency assets. Notably, its ATMs are remotely controlled by a Crypto Application Server (CAS), which manages the operation of the devices.

The company headquarters is situated in Prague, Czech Republic, with offices in Bradenton, Florida, U.S.A., and Panama City, Panama. Its founder, Karel Kyovsky, handed over his CEO responsibilities to Vojtech Frgal during the COVID-19 saga in 2020. Today, the firm has about 24 employees.

Related

• Global Bitcoin ATM Installations Sees a Rise in May-June Month
• Europe’s electronics retail giant to install 12 Bitcoin ATMs in Austria
• All Bitcoin ATMs in the UK declared illegal by the FCA