Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets.
According to a new report by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS).
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.
This vulnerability has been present in CAS software since version 20201208.”
General Bytes’ security advisory says the firm believes hackers first found a vulnerability within the CAS admin interface, then scanned the internet for specific servers that were exposed, including those hosted by the firm’s own cloud service.
The hackers were able to automatically forward Bitcoin to their wallets every time a customer sent coins to the ATMs, resulting in an undisclosed amount of crypto being stolen.
“The attacker accessed the CAS interface and renamed the default admin user to ‘gb.’
The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting.
Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to ATM.”
According to the advisory, General Bytes is releasing updates to correct the problem but is warning customers not to use the ATMs until the vulnerabilities are fixed.
Don't Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inboxCheck Price Action
Follow us on Twitter, Facebook and Telegram
Surf The Daily Hodl Mix
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/Alexander Geiger
