{"id":3861,"date":"2023-11-15T17:56:57","date_gmt":"2023-11-15T17:56:57","guid":{"rendered":"https:\/\/www.propelex.com\/?p=3861"},"modified":"2023-11-01T18:05:42","modified_gmt":"2023-11-01T18:05:42","slug":"general-bytes-bitcoin-atm-hit-by-zero-day-bug","status":"publish","type":"post","link":"https:\/\/www.propelex.com\/general-bytes-bitcoin-atm-hit-by-zero-day-bug\/","title":{"rendered":"General Bytes Bitcoin ATM Hit by Zero Day Bug"},"content":{"rendered":"
<p>General Bytes Bitcoin ATM hit by zero-day bug. Stay updated on the security implications and the actions needed to protect your crypto assets. Bitcoin ATM manufacturer General Bytes was hacked, with attackers siphoning off cryptocurrency worth about $1.5 million after exploiting a zero-day flaw in the ATM\u2019s server.<\/p>\n
<p>The attackers uploaded a Java application through the master service interface, which ATMs use to upload videos, and ran it with \u201cbatm\u201d user privileges. This gave them access to the ATM\u2019s database and allowed them to read and decrypt encoded API keys, download usernames and password hashes, and turn off two-factor authentication.<\/p>\n
<p>A zero-day vulnerability is a flaw in software or hardware that attackers know about but the company responsible for fixing it does not. Attackers exploit the flaw to adversely affect programs, data or other computers. Once an attacker discovers a zero-day vulnerability, they can use it to steal information or money before the vendor fixes it.<\/p>\n
<p>When a security flaw is discovered, it\u2019s often disclosed to the software developer by an ethical hacker, or white hat. The white hat can choose to privately disclose the flaw to the software maker, allowing it to fix the flaw before criminal hackers take advantage of it. However, the white hat can also decide to sell the vulnerability to the criminal underground for profit.<\/p>\n
<p>Once a hacker finds a zero-day bug, they can exploit it and steal the information or money that the victim intended to share. This is why it\u2019s so important to only connect to trusted Wi-Fi networks and keep all software and devices updated.<\/p>\n
<p>This week, a cryptocurrency ATM producer was attacked by hackers who took control of its servers and siphoned off 56 bitcoin, worth more than $1.5 million at current prices. The hackers used a zero-day flaw in the company\u2019s Crypto Application Server (CAS) to gain access to its customers\u2019 bitcoin wallets and drain their funds.<\/p>\n
<p>The attack succeeded because the hackers were able to create a default admin user via the CAS administrative interface. They then tampered with the preset \u201cbuy,\u201d \u201csell,\u201d and \u201cinvalid transaction address\u201d settings to redirect deposited cryptocurrency to their own wallets.<\/p>\n
<p>General Bytes believes the attacker scanned the internet for exposed servers, including those hosted by Digital Ocean and on its own cloud service. Once they found an open port, they added a default administrator user named \u201cgb\u201d to the CAS. They then tampered with the CAS\u2019s \u201cbuy\u201d and \u201csell\u201d crypto settings to direct any cryptocurrency sent to it to their own wallets.<\/p>\n
<p>This is a common way for hackers to gain access to a person\u2019s computer and steal their private keys and funds. Once hackers have your private keys, they can spend your bitcoins and steal other types of cryptocurrency as well. This is why you should only trust the most secure cryptocurrency exchanges.<\/p>\n
<p>Over the weekend, hackers exploited an unpatched vulnerability in servers at crypto ATM manufacturer General Bytes to steal digital coins from its customers. The company, one of the three largest crypto ATM manufacturers in the world, disclosed that attackers stole about $1.5 million worth of cryptocurrency from a number of its ATMs. The company believes the hackers exploited a weakness in its BATM management platform.<\/p>\n
<p>Specifically, the attack used a zero-day bug to take advantage of the ATMs\u2019 master service interface on port 7741, which is designed for uploading videos. The hackers were able to remotely upload a Java application and run it with \u201cbatm\u201d user privileges. This gave them access to the ATMs\u2019 database, API keys, hot wallets, and other information, including usernames and password hashes.<\/p>\n
<p>Once the hackers had access to this information, they could tamper with the ATMs\u2019 buy and sell settings to channel incoming cryptocurrency into their own wallets. This is what caused the theft of around 56 bitcoin, or about $1.5 million, from the affected machines.<\/p>\n
<p>The hack also gave the attackers the ability to access a number of user accounts and change their passwords to gain control of them. It\u2019s unclear how many users were affected by the breach, but General Bytes says it is notifying all of the customers who operate the machines.<\/p>\n
<p>General Bytes is now shutting down its cloud service and advising all ATM owners to install their own standalone CAS servers, which it suggests should be placed behind a firewall and VPN. It is also providing support with data migration for those who want to do this.<\/p>\n
<p>This hack serves as a reminder that even if a business has a strong cybersecurity program, there is always a chance that attackers will find a way in and steal digital currency or other valuable data. That is why it is critical to stay up to date with all patches and updates and to conduct regular security audits. It is also important to keep your cryptocurrency separate from the rest of your personal assets, so that in the event of a breach you can limit the impact.<\/p>\n