Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets.
According to a new report by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS).
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.
This vulnerability has been present in CAS software since version 20201208.”
General Bytes’ security advisory says the firm believes hackers first found a vulnerability within the CAS admin interface, then scanned the internet for specific servers that were exposed, including those hosted by the firm’s own cloud service.
The hackers were able to automatically forward Bitcoin to their wallets every time a customer sent coins to the ATMs, resulting in an undisclosed amount of crypto being stolen.
“The attacker accessed the CAS interface and renamed the default admin user to ‘gb.’
The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting.
Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to ATM.”
According to the advisory, General Bytes is releasing updates to correct the problem but is warning customers not to use the ATMs until the vulnerabilities are fixed.