
Zero-day in Bitcoin ATMs Exploited in a Crypto Heist



Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime

Attack Comes Days After General Bytes Introduced ‘Help Ukraine’ Feature


A zero-day vulnerability in software powering General Bytes bitcoin ATM servers went undetected for nearly two years before hackers used it to steal cryptocurrency, the company says.


The Czech company says the incident resulted in $16,000 being stolen through six operators of its automated crypto-to-fiat currency conversion machines.

A company executive tells Information Security Media Group the hackers may have been motivated by vengeance against its pro-Ukraine posture. The attack came just days after General Bytes announced a “Help Ukraine” feature on its ATMs.

“The only coincidence is that three days before the attack, we introduced a feature that helps people donate Bitcoins to the Ukraine government via a special button on the ATM screen,” said Martijn Wismeijer, General Bytes marketing manager, in an email. The attack originated in the Caucasus country of Georgia, “where a higher number of Russian IT professionals live, this could be the reason,” Wismeijer said, although he acknowledged that “this is pure speculation.”

Blockchain analysis company Elliptic estimates the Ukrainian government received more than $60 million in donated cryptocurrency in the weeks following Russia’s invasion. Ukraine says the donated digital currency has gone to buying supplies ranging from digital rifle scopes to fuel.

Wismeijer confirmed the company received an extortion demand after details of the vulnerability and its subsequent fix were publicly released. It’s unclear what connection, if any, the demand has with the attackers, he said. It “came from somebody unable to provide single proof that he was the one behind the attack.”

The General Bytes executive said the vulnerability came to light when two customers separately reported, on the same day, unauthorized changes to their ATM settings. The company website says it has sold more than 13,300 ATMs, with at least one present in nearly every country across the globe. It has released a patch to plug the vulnerability.

The Zero-Day Flaw

The zero-day exploited in the attack was located in the company’s Crypto Application Server, software for managing Bitcoin ATMs from a central location through a web browser. The vulnerability stems from a December 2020 upgrade that added an ATM configuration wizard the company dubbed FastTrack.

The wizard was intended to be used once, but hackers used it to create a new default admin user. They then substituted a new wallet address into the settings to receive funds from the ATMs.
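The flaw class described above, a first-run wizard that stays usable after setup, can be shown as an added example (not General Bytes code; the `Server` model, event names and wallet placeholder are hypothetical). It contrasts an unguarded wizard with a one-shot, token-gated one and adds an audit check for the two changes the attackers made:

```python
import hmac
import secrets

class SetupClosed(Exception):
    pass

class Server:
    """Constructed model of an ATM management server (all names hypothetical)."""
    def __init__(self):
        self.admins = set()
        self.wallet = "operator-wallet"  # placeholder, not a real address
        self.setup_token = secrets.token_urlsafe(16)  # assumed: shown once on the local console
        self.audit = []  # (event, actor) tuples

    def wizard_unguarded(self, username):
        # Flawed pattern: the first-run endpoint still creates admins after setup.
        self.admins.add(username)
        self.audit.append(("admin_created_via_wizard", username))

    def wizard_guarded(self, username, token):
        # Hardened pattern: refuse once any admin exists, and require the one-time token.
        if self.admins or self.setup_token is None:
            self.audit.append(("wizard_rejected", username))
            raise SetupClosed("setup wizard is disabled after first run")
        if not hmac.compare_digest(token.encode(), self.setup_token.encode()):
            self.audit.append(("wizard_rejected", username))
            raise SetupClosed("invalid setup token")
        self.admins.add(username)
        self.setup_token = None  # burn the token so it cannot be replayed
        self.audit.append(("admin_created_via_wizard", username))

    def set_wallet(self, actor, address):
        if actor not in self.admins:
            raise PermissionError(actor)
        self.wallet = address
        self.audit.append(("wallet_changed", actor))

def suspicious(audit):
    """Flag wizard-created admins after the first, and wallet changes they make."""
    seen_first, rogue, alerts = False, set(), []
    for event, actor in audit:
        if event == "admin_created_via_wizard":
            if seen_first:
                rogue.add(actor)
                alerts.append((event, actor))
            seen_first = True
        elif event == "wallet_changed" and actor in rogue:
            alerts.append((event, actor))
    return alerts
```
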

Before exploiting the vulnerability, the attacker scanned for General Bytes and other ATM servers on DigitalOcean’s cloud hosting service, Wismeijer said.

Legally, General Bytes is not liable to reimburse customers for lost funds, Wismeijer said. The company is nonetheless considering reimbursing affected customers.

“We want to express that we are deeply sorry for the security issue we have caused, and none of our security protocols caught it. We will level up our security procedures to prevent this kind of vulnerability in the future,” Wismeijer said.




