Bitcoin ATM Company Targeted by Hackers Exploiting Zero-Day Bug: Report

Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets.

According to a report by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS).

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.

This vulnerability has been present in CAS software since version 20201208.”

General Bytes’ security advisory says the firm believes hackers first found a vulnerability within the CAS admin interface, then scanned the internet for specific servers that were exposed, including those hosted by the firm’s own cloud service.

The hackers were able to automatically forward Bitcoin to their wallets every time a customer sent coins to the ATMs, resulting in an undisclosed amount of crypto being stolen.

“The attacker accessed the CAS interface and renamed the default admin user to ‘gb.’

The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting.

Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to ATM.”

According to the advisory, General Bytes is releasing updates to correct the problem but is warning customers not to use the ATMs until the vulnerabilities are fixed.

Featured Image: Shutterstock/Alexander Geiger

Source: https://dailyhodl.com/2022/08/22/bitcoin-atm-company-targeted-by-hackers-exploiting-zero-day-bug-report/