August 23, 2022

Bitcoin ATM under cyberattack, crypto stolen

Bitcoin ATM manufacturer General Bytes confirmed that it has been hit by a hacker attack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users.

The firm reported in an advisory last week:

The attacker was able to create an admin user remotely via the CAS administrative interface, through a URL call to the page that is used for the default installation on the server and for creating the first administration user.
This vulnerability has been present in CAS software since version 2020-12-08.

It's not immediately clear how many servers were breached using this flaw and how much cryptocurrency was stolen.

General Bytes said the hacker identified running CAS services on ports 7777 or 443 by scanning the DigitalOcean cloud hosting IP address space, then abused the flaw to add a new default admin user named "gb" to the CAS.

The attacker modified the crypto settings of two-way machines with his wallet settings and the 'invalid payment address' setting.
Two-way ATMs started to forward coins to the attacker's wallet when customers sent coins to [the] ATM.
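The advisory above describes a first-run installation page that kept creating administrators after the first one existed. The following is an added illustration of that bug class, not General Bytes' code: the `CasState` class, the handler names and the sample usernames and addresses are all constructed assumptions. It shows the weak handler beside a hardened one that refuses and audits any later call.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class CasState:
    """Constructed stand-in for the server's persistent state."""
    users: Dict[str, str] = field(default_factory=dict)   # username -> role
    setup_completed: bool = False
    audit: List[str] = field(default_factory=list)        # rejected attempts


def has_admin(state: CasState) -> bool:
    return any(role == "admin" for role in state.users.values())


def create_first_admin_weak(state: CasState, username: str) -> bool:
    """Weak form: the install page never checks that installation already
    happened, so a later unauthenticated call simply adds another admin."""
    state.users[username] = "admin"
    state.setup_completed = True
    return True


def create_first_admin_hardened(state: CasState, username: str, remote_addr: str) -> bool:
    """Hardened form: the page works exactly once, before any admin exists;
    every later call is refused and recorded so operators can alert on it."""
    if state.setup_completed or has_admin(state):
        state.audit.append(
            f"REJECTED first-admin call for {username!r} from {remote_addr}"
        )
        return False
    state.users[username] = "admin"
    state.setup_completed = True
    return True


if __name__ == "__main__":
    weak = CasState()
    create_first_admin_weak(weak, "operator")
    create_first_admin_weak(weak, "gb")        # second call still succeeds: the flaw
    hard = CasState()
    create_first_admin_hardened(hard, "operator", "10.0.0.5")
    create_first_admin_hardened(hard, "gb", "203.0.113.9")   # refused and audited
    print(sorted(weak.users), sorted(hard.users), hard.audit)
```

The rejected-attempt audit line is the signal a defender would forward to monitoring: a call to the installation page after setup should never happen in normal operation.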
