General Bytes, one of the world’s largest cryptocurrency ATM manufacturers, has reported that its crypto ATM (BTM) have been hacked using a Zero-Day attack. This attack included the detour of user funds to the Hackers’ wallet address.
How to make money with hacked BTM
General Bytes, a company that facilitates the buying and selling of about 40 cryptocurrencies through more than 8,000 ATMs installed in nearly 120 countries around the world, has confirmed the hacking of its BTMs.
According to a security note released on August 18 and regularly updated, the hackers used a “Zero-Day” vulnerability (editor’s note: this is a vulnerability that has been disclosed but not yet fixed) present in the CAS software since version 20201208 to remotely create an administrator account.
This new administrator status allowed them, among other things, to insert their own address as a wallet to receive transactions from the various Bitcoin ATMs. A trick that seems to have worked, at least for users of the two-way ATMs, whose funds were automatically transferred to the hacker’s wallet when General Bytes’ customers tried to exchange their cryptos.
General Bytes’ efficient communication avoids disaster (?)
General Bytes has communicated on the magnitude of this hack. According to the security incident note updated on August 22, 2022, “the total damage to ATM operators based on their feedback is $16,000.” Although not all affected customers have yet reported their losses, the quick identification of the breach as well as the communication of security instructions to users seems to have limited the damage.
Indeed, General Bytes has asked its customers to refrain from using their servers until the updates fixing the flaw are released. The company also advised customers to change their server settings so that the CAS administration interface can only be accessed from authorized IP addresses, among other things.
General Bytes also called on operators to be vigilant. The company recommended that they check the “cryptocurrency sale settings” to ensure that funds are transferred to the right address.
For now, General Bytes has reported the hack to the Czech police . As part of the investigation, the company is collecting feedback and opinions from users and anyone interested through this public form. Let’s hope that this case does not deter Japan from bringing BTMs to their country…
I dream of a world where every citizen has total control over themselves, including their finances. I believe that Bitcoin is one of the tools that will achieve this revolution. Since 2019, I am learning about this cryptocurrency and spreading the word around.