- The company urged ATM operators to update their software immediately.
- The CAS management interface should only be accessed from trusted IP addresses.
On Thursday, hackers used a zero-day exploit to gain access to the servers of the Bitcoin ATM maker General Bytes, changed the default administrator to themselves, and reset the system so that all payments are sent to their wallet address.
The company urged ATM operators to immediately update their software but has not yet disclosed how much money has been taken or how many ATMs are affected.
On Thursday, General Bytes announced the hack of its network of 8,827 Bitcoin ATMs, available in more than 120 countries. The company is headquartered in Prague, Czech Republic, where its ATMs are also produced. The average number of currencies that can be bought or sold at an ATM is above 40.
SELL Crypto Setting
Hacker modifications to Thursday’s CAS software version, 20201208, introduced the bug. Customers using versions of the General Bytes ATM server software prior to 20220725 or 20220531 are advised to upgrade to patch version 20220725.22 immediately.
The CAS management interface should only be reachable from trusted IP addresses, so customers were urged to adjust their server’s firewall settings accordingly.
General Bytes urged customers to check the “SELL Crypto Setting” before restarting terminals, to ensure that the hackers had not redirected incoming payments to themselves rather than to customers.
General Bytes said that several security assessments have been carried out since its founding in 2020, but none found this flaw. The company’s security advisory team revealed in a blog post that the thieves broke into its Crypto Application Server (CAS) by exploiting a zero-day vulnerability.
Every aspect of an ATM’s business, such as what currencies are accepted and how they are bought and sold on exchanges, is handled by a CAS server.