All crypto going into the Bitcoin ATM would be siphoned off by the hackers during a zero-day attack on Thursday
The world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer General Bytes had its servers hacked on Thursday, as reported by Cointelegraph. Hackers exploited a zero-day bug which enabled them to become the default admins and transfer all funds to their wallet address.
The amount of funds stolen and the number of ATMs compromised have not been disclosed yet. However, the crypto service provider has urgently advised ATM operators to update their software. The company owns and operates 8827 Bitcoin ATMs across 120 countries. Furthermore, General Bytes machines support over 40 different coins.
The vulnerability occurred due to the hacker’s modifications of the CAS software. They updated it to version 20201208 on Thursday. Thus, General Bytes urged customers to refrain from using their ATM servers until the company updates their software to patch releases 20220725.22, and 20220531.38 for customers running on 20220531.
In addition, the ATM manufacturer advises customers to modify their server firewall settings so that the CAS admin interface can only be accessed from authorized IP addresses. Before reactivating the terminals, General Bytes reminded customers to review their “SELL Crypto Setting” to ensure that the hackers didn’t modify the parameters.
Although several security audits have been conducted since the crypto service’s inception in 2020, none of them identified this vulnerability.