{"id":486712,"date":"2022-08-22T04:26:08","date_gmt":"2022-08-22T01:26:08","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hackers-exploit-zero-day-bug-to-steal-from-general-bytes-bitcoin-atms\/"},"modified":"2022-08-22T04:26:08","modified_gmt":"2022-08-22T01:26:08","slug":"hackers-exploit-zero-day-bug-to-steal-from-general-bytes-bitcoin-atms","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-exploit-zero-day-bug-to-steal-from-general-bytes-bitcoin-atms\/","title":{"rendered":"# Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Hackers_exploit_zero_day_bug_to_steal_from_General_Bytes_Bitcoin_ATMs_%E2%80%9C\"><\/span>Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvODlhN2I3MjUtOTRjOC00ZmRhLWI2ZjgtZjNjYTg1MjNjMzA3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-28d77a7a>Bitcoin ATM manufacturer General Bytes had its servers compromised via a zero-day attack on Aug. 18, which enabled the hackers to make themselves the default admins and modify settings so that all funds would be transferred to their wallet address. 
<\/p>\n<p>The amount of funds stolen and the number of ATMs compromised have not been disclosed, but the company has urgently advised ATM operators to update their software.<\/p>\n<p>General Bytes, which owns and operates 8827 Bitcoin ATMs that are accessible in over 120 countries, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/generalbytes.atlassian.net\/wiki\/spaces\/ESD\/pages\/2785509377\/Security+Incident+August+18th+2022\">confirmed<\/a> the hack on Aug. 18. The company is headquartered in Prague, Czech Republic, which is also where the ATMs are manufactured. ATM customers can buy or sell over 40 coins.<\/p>\n<p>The vulnerability has been present since the hacker\u2019s modifications updated the CAS software to version 20201208 on Aug. 18.<\/p>\n<p>General Bytes has urged customers to refrain from using their General Bytes ATM servers until they update their server to patch release 20220725.22, and 20220531.38 for customers running on 20220531.<\/p>\n<p>Customers have also been advised to modify their server firewall settings so that the CAS admin interface can only be accessed from authorized IP addresses, among other things.<\/p>\n<p>Before reactivating the terminals, General Bytes also reminded customers to review their \u2018SELL Crypto Setting\u2019 to ensure that the hackers didn\u2019t modify the settings such that any received funds would instead be transferred to them (and not the customers).<\/p>\n<p>General Bytes stated that several security audits had been conducted since its inception in 2020, none of which identified this vulnerability. 
<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_the_attack_happened\"><\/span>How the attack happened<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>General Bytes\u2019 security advisory team stated in the blog that the hackers conducted a zero-day vulnerability attack to gain access to the company\u2019s Crypto Application Server (CAS) and extract the funds.<\/p>\n<p>The CAS server manages the ATM\u2019s entire operation, which includes the execution of buying and selling of crypto on exchanges and which coins are supported.<\/p>\n<p>The company believes the hackers \u201cscanned for exposed servers running on TCP ports 7777 or 443, including servers hosted on General Bytes\u2019 own cloud service.\u201d<\/p>\n<p>From there, the hackers added themselves as a default admin on the CAS, named \u2018gb\u2019, and then proceeded to modify the \u2018buy\u2019 and \u2018sell\u2019 settings such that any crypto received by the Bitcoin ATM would instead be transferred to the hacker\u2019s wallet address:<\/p>\n<blockquote><p>&#8220;The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.&#8221;<\/p><\/blockquote>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/hackers-exploit-zero-day-bug-to-steal-from-general-bytes-bitcoin-atms\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs&#8221; Bitcoin ATM manufacturer General Bytes had its servers compromised via a zero-day attack on Aug. 18, which enabled the hackers to make themselves the default admins and modify settings so that all funds would be transferred to their wallet address. 
The&#8230;<\/p>\n","protected":false},"author":1,"featured_media":486713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvODlhN2I3MjUtOTRjOC00ZmRhLWI2ZjgtZjNjYTg1MjNjMzA3LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[117866,74862,74882,70719,117],"class_list":["post-486712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-atms-bitcoin-exchange","tag-bitcoin","tag-hacks","tag-atm","tag-business"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/486712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=486712"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/486712\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/486713"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=486712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=486712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=486712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}