General Bytes’ Bitcoin ATMs Hacked Through Zero-Day Exploit

General Bytes, the world’s largest Bitcoin and cryptocurrency ATM manufacturer, has faced a zero-day vulnerability attack, which resulted in customers losing their funds. 

According to the statement shared on August 19th, the hacker has identified the security vulnerability in the company's Crypto Application Server (CAS) “admin interface”. In the blog post, the team noted:

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

How Can You Earn Money With Axie Infinity? (AXS Animated Explainer)

SUBSCRIBE

ON YOUTUBE

The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.

The Crypto Application Server is the most important part of managing ATMs. Through this system, admins control “the execution of buying and selling of crypto on exchanges and which coins are supported”. 

Therefore, using the flaw in CAS, the hacker created a new admin and modified two-way machine settings to their wallet. As a result, when users started sending their coins to ATMs, the transferred coins went straight to the hacker. 

The company did not disclose the amount of funds stolen or how many ATMs were affected by this hack. In total, the company owns 8827 Bitcoin ATMs across 120 countries. On top of that, Bitcoin ATMs support around 40 different cryptocurrencies. 

After the hack, General Bytes instructed ATM operators to update the machine software. On the other hand, customers are advised to avoid using General Bytes Bitcoin ATMs until new updates are installed. 

The customers are also asked to change their firewall settings, so that only authorized IP addresses can make changes to the CAS system.

The General Bytes team notes that the vulnerabilities in the system have been present since installing the 20201208 version. It comes as a surprise, considering that General Bytes have conducted several security audits since 2020, but no issues were identified.

Gile K., Market Sentiment Analyst

Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.

Full Bio

All Expert Contributors & Analysts