Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets.
Prema novom izvještaj by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS).
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.
This vulnerability has been present in CAS software since version 20201208.”
General Bytes’ security advisory kaže the firm believes hackers first found a vulnerability within the CAS admin interface, then scanned the internet for specific servers that were exposed, including those hosted by the firm’s own cloud service.
The hackers were able to automatically forward Bitcoin to their wallets every time a customer sent coins to the ATMs, resulting in an undisclosed amount of crypto being stolen.
“The attacker accessed the CAS interface and renamed the default admin user to ‘gb.’
The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting.
Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to ATM.”
According to the advisory, General Bytes is releasing updates to correct the problem but is warning customers not to use the ATMs until the vulnerabilities are fixed.
Ne propustite ritam - Subscribe da biste dobili kripto e-mail upozorenja koja se dostavljaju direktno u vašu ulaznu poštu
Check Price Action
Pratite nas na cvrkut, Facebook i telegram
surfovati Daily Hodl Mix
Izjava o odricanju odgovornosti: Mišljenja iznesena u Daily Hodlu nisu savjet o ulaganju. Ulagači trebaju obaviti svoju dužnu opremu prije nego što ulože bilo koja rizična ulaganja u bitcoin, kripto valutu ili digitalnu imovinu. Imajte na umu da su vaši transferi i trgovine na vlastiti rizik, a za sve gubitke koji mogu nastati odgovoran ste. Daily Hodl ne preporučuje kupovinu ili prodaju bilo koje kripto valute ili digitalne imovine, niti je Daily Hodl savjetnik za ulaganje. Imajte na umu da Daily Hodl sudjeluje u affiliate marketingu.
Featured Image: Shutterstock/Alexander Geiger
Source: https://dailyhodl.com/2022/08/22/bitcoin-atm-company-targeted-by-hackers-exploiting-zero-day-bug-report/