Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

Mar 21, 2023
Ravie Lakshmanan
Cryptocurrency / Hacking

Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software.

“The attacker was able to upload his own Java application remotely via the master service interface used by terminals to upload videos and run it using ‘batm’ user privileges,” the company said in an advisory published over the weekend.

“The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on port 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean,” it further added.

The company said that the server to which the malicious Java application was uploaded was by default configured to start applications present in the deployment folder (“/batm/app/admin/standalone/deployments/”).
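
A server that auto-starts whatever lands in a folder makes that folder the thing to watch. The following audit is an added example, not code from General Bytes or the advisory: it compares the deployment folder against an operator-maintained allowlist of expected artifacts and their hashes, and flags anything unlisted, altered, or modified after the last known-good review. The folder path is the one quoted in the advisory; the allowlist, the baseline timestamp and the sample file names are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Folder quoted in the advisory, from which the CAS auto-started applications.
DEPLOY_DIR = Path("/batm/app/admin/standalone/deployments/")

def sha256_of(path):
    """Hash a file in chunks so large artifacts need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_deployments(deploy_dir, allowlist, baseline_ts):
    """Return sorted (filename, reason) findings for files that are not in the
    allowlist ({name: sha256}, assumed operator-maintained), whose hash differs
    from the allowlisted value, or that changed after baseline_ts (epoch seconds
    of the last known-good review, also an operator input). Empty list = clean."""
    findings = []
    for entry in sorted(Path(deploy_dir).iterdir()):
        if not entry.is_file():
            continue
        expected = allowlist.get(entry.name)
        if expected is None:
            findings.append((entry.name, "not in allowlist"))
        elif expected != sha256_of(entry):
            findings.append((entry.name, "hash mismatch"))
        elif entry.stat().st_mtime > baseline_ts:
            findings.append((entry.name, "modified after baseline"))
    return findings

def demo():
    """Run the audit on a constructed temporary folder (sample data, not a real host)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "admin.war").write_bytes(b"known good artifact")          # expected, unchanged
        (d / "billing.war").write_bytes(b"tampered billing artifact")  # expected, but altered
        (d / "upload-stub.war").write_bytes(b"nobody deployed this")   # never allowlisted
        allow = {"admin.war": sha256_of(d / "admin.war"),
                 "billing.war": hashlib.sha256(b"original billing artifact").hexdigest()}
        day_ago = time.time() - 86400
        os.utime(d / "admin.war", (day_ago, day_ago))  # predates the review baseline
        return audit_deployments(d, allow, baseline_ts=time.time() - 3600)

# On a real host: audit_deployments(DEPLOY_DIR, allowlist, baseline_ts)
```

Running the audit from cron against a hash list kept off the server would have surfaced an unexpected artifact in that folder at the next run rather than after the wallets were drained.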

The attack allowed the threat actor to access the database; read and decrypt API keys used to access funds in hot wallets and exchanges; send funds from the wallets; download usernames and password hashes and turn off two-factor authentication (2FA); and even access terminal event logs.

It also warned that its own cloud service, as well as other operators’ standalone servers, were infiltrated as a result of the incident, prompting the company to shutter the service.

In addition to urging customers to keep their crypto application servers (CASs) behind a firewall and a VPN, it also recommends rotating all users’ passwords and the API keys used for exchanges and hot wallets.

“The CAS security fix is provided in two server patch releases, 20221118.48 and 20230120.44,” General Bytes said in the advisory.

The company further emphasized that it had conducted multiple security audits since 2021 and that none of them flagged this vulnerability. It appears to have been unpatched since version 20210401.

General Bytes did not disclose the exact amount of funds stolen by the hackers, but an analysis of the cryptocurrency wallets used in the attack reveals the receipt of 56.283 BTC ($1.5 million), 21.823 ETH ($36,500), and 1,219.183 LTC ($96,500).

The ATM hack is the second breach targeting General Bytes in less than a year, with another zero-day flaw in its ATM servers exploited to steal crypto from its customers in August 2022.
