After the recent hack of the Solana blockchain, another player in the crypto ecosystem has been hit. General Bytes, a company that seeks to democratize the buying and selling of Bitcoin through physical ATMs, saw its servers compromised at the end of last week.
Hackers take advantage of a zero-day bug!
This Thursday, General Bytes' Bitcoin ATM servers suffered a so-called "zero-day" attack, one that allowed the hackers to assign themselves the administrator role. With this role in hand, the hacker(s) redirected all deposits to their own wallet address. In a press release, the company reveals that the vulnerability has been present since the protocol was updated last Thursday.
Good to know: a zero-day bug is a previously unknown vulnerability, meaning the vendor is not yet aware of it and has no patch available. That is why zero-day attacks are so often successful for hackers.
So far, the company has not disclosed the total amount stolen or the number of accounts compromised in this hack. General Bytes is already working with ATM operators so that the machines are updated as soon as possible. The company specifically asked its customers not to use the terminals until the update is applied, especially customers running the software version dated May 31, 2022. Customers were also advised to modify their firewall settings and, to secure the protocol, to make the administrative interface reachable only from one or more previously authorized IP addresses.
Let's remember that the company operates almost 9,000 ATMs. General Bytes, headquartered in Prague, is present in more than 120 countries worldwide. The company's machines let end customers interact with more than 60 different crypto projects, including the biggest ones such as Bitcoin, Litecoin and Ethereum.
On the platform's blog, the General Bytes security team details how the hackers managed to carry out this attack, which was made possible by gaining access to the company's Crypto Application Server (CAS). The CAS is the server that manages the protocols involved in ATM operations, including buying, selling or exchanging digital assets, and even which tokens are supported.
Although the investigation of this hack is not yet complete, the security teams believe that the hackers scanned the servers on one or more TCP ports, including servers hosted on the company's cloud service. Through this maneuver they succeeded in assigning themselves the default administrator role. To complete the scam, it was then only necessary to modify the buying and selling parameters so that all transactions passing through the physical ATMs were sent to the hacker(s)' wallet address. As the platform's communication explains:
The hacker was able to create an administrator user remotely through the CAS administration interface via a URL call to the page used for default installation on the server and the creation of the first administrative user.
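The two defensive measures that follow from this description are a first-run setup route that closes permanently once the initial administrator exists, and an administrative interface reachable only from an allowlist of source addresses (the firewall advice given above). The following Python sketch is an added example written for this article, not General Bytes' CAS code; the `AdminInterface` class, its routes (`/setup/first-admin`, `/admin/users/create`), the network addresses and the sample requests are all constructed for illustration.

```python
"""Closing a first-run setup route and allowlisting an admin interface.

Constructed example: AdminInterface, its routes and all addresses are
hypothetical and do not describe any real product's implementation.
"""
import hashlib
import ipaddress
import secrets
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    message: str


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class AdminInterface:
    # Source networks allowed to reach the admin interface at all
    # (the application-level twin of a firewall allowlist).
    allowed_networks: list
    # Set once the first administrator exists; the setup route then refuses
    # every further call, even after a software update.
    installed: bool = False
    admins: dict = field(default_factory=dict)  # username -> (salt, hash)

    def _ip_allowed(self, client_ip: str) -> bool:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(net) for net in self.allowed_networks)

    def _check_auth(self, auth) -> bool:
        if auth is None:
            return False
        username, password = auth
        record = self.admins.get(username)
        if record is None:
            return False
        salt, stored = record
        return secrets.compare_digest(_hash_password(password, salt), stored)

    def _add_admin(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.admins[username] = (salt, _hash_password(password, salt))

    def handle(self, path: str, client_ip: str, params=None, auth=None) -> Response:
        params = params or {}
        # Check 1: reject anything not coming from an authorized address.
        if not self._ip_allowed(client_ip):
            return Response(403, "admin interface not reachable from this address")
        # Check 2: the first-admin page only works while nothing is installed.
        if path == "/setup/first-admin":
            if self.installed:
                return Response(410, "setup already completed; route closed")
            self._add_admin(params["username"], params["password"])
            self.installed = True
            return Response(201, "first administrator created")
        # Check 3: every later admin creation needs an authenticated admin.
        if path == "/admin/users/create":
            if not self._check_auth(auth):
                return Response(401, "administrator authentication required")
            self._add_admin(params["username"], params["password"])
            return Response(201, "administrator created")
        return Response(404, "no such route")


def demo() -> list:
    """Replay constructed requests and return the status of each one."""
    cas = AdminInterface(allowed_networks=["10.0.5.0/24"])  # constructed operator LAN
    creds = {"username": "ops", "password": "correct horse battery"}
    results = [
        # Legitimate first-run install from the operator network.
        cas.handle("/setup/first-admin", "10.0.5.10", creds),
        # A second unauthenticated call to the setup page is refused.
        cas.handle("/setup/first-admin", "10.0.5.10", {"username": "x", "password": "y"}),
        # Creating another admin without credentials is refused.
        cas.handle("/admin/users/create", "10.0.5.10", {"username": "x", "password": "y"}),
        # The real admin can add a colleague.
        cas.handle("/admin/users/create", "10.0.5.10",
                   {"username": "ops2", "password": "pw"}, auth=("ops", "correct horse battery")),
        # Anything from outside the allowlist never reaches the routes.
        cas.handle("/setup/first-admin", "203.0.113.7", creds),
    ]
    return [r.status for r in results]


if __name__ == "__main__":
    print(demo())
```

The important design point is that `installed` must be persisted alongside the application's data, not inferred from the presence of a version file or recomputed during an upgrade; otherwise an update can silently reopen the setup page. The IP allowlist is a second, independent layer, which is why the example applies it before any route is considered.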
General Bytes states that several security audits have been conducted since its creation in 2020, but none of them identified this vulnerability.