Security News > 2023 > March > Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.
"The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the weekend.
"The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean," it further added.
In addition to urging customers to keep their crypto application servers behind a firewall and a VPN, it's also recommending to rotate all users' passwords and API keys to exchanges and hot wallets.
"The CAS security fix is provided in two server patch releases, 20221118.48 and 20230120.44," General Bytes said in the advisory.
General Bytes did not disclose the exact amount of funds stolen by the hackers, but an analysis of the cryptocurrency wallets used in the attack reveals the receipt of 56.283 BTC, 21.823 ETH, and 1,219.183 LTC. The ATM hack is the second breach targeting General Bytes in less than a year, with another zero-day flaw in its ATM servers exploited to steal crypto from its customers in August 2022.
News URL
https://thehackernews.com/2023/03/hackers-steal-over-16-million-in-crypto.html
Related news
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)