General Bytes Bitcoin ATMs have been hacked!

8/22/2022, 04:19 PM
In recent news, it has been revealed that the servers of Bitcoin ATM manufacturer General Bytes were compromised due to a vulnerability in the software. This means that any deposits made into a General Bytes ATM could have ended up in the attacker's wallet, instead of the intended recipient.

General Bytes is a bitcoin ATM manufacturer based in the Czech Republic. The company was founded in 2013 and has since shipped over 3,000 machines to customers in over 60 countries. General Bytes is one of the leading manufacturers of bitcoin ATMs, and their machines support a variety of cryptocurrencies including bitcoin, litecoin, ethereum, and dash.

The attacker was able to create an admin user remotely through the CAS admin interface, via a URL call to the page that is used during the default installation on the server to create the first admin user.

It is not yet clear how many machines are affected and how high the loss is. However, General Bytes has recommended that all operators upgrade their servers in order to prevent any further attacks.

With over 8,800 ATMs in 120 countries, General Bytes is the world's second largest provider of crypto ATMs. This news is sure to cause concern for many users of these machines, as it highlights the potential risks associated with using them.

It is important to remember that, while crypto ATMs can be a convenient way to buy or sell cryptocurrencies, they are not without their risks. Users should always be aware of the potential for hacks and scams, and take steps to protect themselves accordingly.

The attackers used a zero-day vulnerability to gain access to the company's Crypto Application Server (CAS). The CAS server manages the entire operation of the ATM, including the execution of purchases and sales of cryptocurrencies on exchanges and the coins offered.
The company believes that the hackers "sought out unsecured servers running on TCP ports 7777 or 443, including servers hosted on General Bytes' own cloud service". From there, the hackers logged in as the standard administrator of the CAS with the name gb and then changed the purchase and sale settings so that all cryptocurrencies received by the Bitcoin ATM were instead transferred to the wallet address of the hacker.

Customers have been advised not to use their General Bytes ATM servers until they have updated them to patch release 20220725.22, or to 20220531.38 for customers running on 20220531.

These attacks would not have been possible if the servers had only accepted connections from trusted IP addresses.
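An operator can check whether that restriction held by auditing firewall logs for connections to the CAS ports from outside the trusted ranges. The following is an added example, not code from General Bytes or from the original article; it assumes netfilter-style LOG lines and a hypothetical operator allowlist, and the sample log and all addresses are constructed.

```python
import ipaddress
import re

# TCP ports the article names as targeted on CAS servers.
CAS_PORTS = {7777, 443}

# Assumption: the operator's trusted ranges (documentation addresses, hypothetical).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:10::/48")]

# Constructed sample lines in the key=value style of netfilter LOG output.
SAMPLE_LOG = """\
Aug 18 02:14:07 cas kernel: IN=eth0 SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP SPT=51514 DPT=7777 SYN
Aug 18 02:15:40 cas kernel: IN=eth0 SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=40022 DPT=7777 SYN
Aug 18 02:15:41 cas kernel: IN=eth0 SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=40023 DPT=443 SYN
Aug 18 02:16:02 cas kernel: IN=eth0 SRC=2001:db8:10::9 DST=2001:db8:ffff::1 PROTO=TCP SPT=50000 DPT=443 SYN
Aug 18 02:17:30 cas kernel: IN=eth0 SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=40100 DPT=22 SYN
Aug 18 02:18:00 cas kernel: IN=eth0 SRC=not-an-ip DST=198.51.100.10 PROTO=TCP SPT=1 DPT=7777 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def is_trusted(addr):
    # A network of the other IP version never contains the address, so mixing v4/v6 is safe.
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_cas_connections(log_text):
    """Return {source_ip: sorted CAS ports reached} for sources outside TRUSTED_NETS."""
    hits = {}
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # line lacks SRC/DPT or carries an unparsable value: skip it
        if fields.get("PROTO") == "TCP" and port in CAS_PORTS and not is_trusted(src):
            hits.setdefault(str(src), set()).add(port)
    return {ip: sorted(ports) for ip, ports in hits.items()}

if __name__ == "__main__":
    for ip, ports in untrusted_cas_connections(SAMPLE_LOG).items():
        print(f"untrusted source {ip} reached CAS port(s) {ports}")
```

Any source this reports reached the admin interface from an address the allowlist would have blocked, so the corresponding period is worth reviewing for new admin users and changed crypto settings.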
[Chart: Crypto ATM Growth by Manufacturer (Genesis Coin, General Bytes, Lamassu, BitAccess), 2014 to 2022; y-axis: number of crypto ATMs. Source: coinatmradar.com]