Security News > 2022 > August > Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users.
"This vulnerability has been present in CAS software since version 2020-12-08.".
CAS is short for Crypto Application Server, a self-hosted product from General Bytes that enables companies to manage Bitcoin ATM machines from a central location via a web browser on a desktop or a mobile device.
The zero-day flaw, which concerned a bug in the CAS admin interface, has been mitigated in two server patch releases, 20220531.
General Bytes said the unnamed threat actor identified running CAS services on ports 7777 or 443 by scanning the DigitalOcean cloud hosting IP address space, followed by abusing the flaw to add a new default admin user named "Gb" to the CAS. "The attacker modified the crypto settings of two-way machines with his wallet settings and the 'invalid payment address' setting," it said.
"Two-way ATMs started to forward coins to the attacker's wallet when customers sent coins to [the] ATM.".
News URL
https://thehackernews.com/2022/08/hackers-stole-crypto-from-bitcoin-atms.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)