Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets.
Pagal naujas pranešti by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS).
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.
This vulnerability has been present in CAS software since version 20201208.”
General Bytes’ security advisory sako the firm believes hackers first found a vulnerability within the CAS admin interface, then scanned the internet for specific servers that were exposed, including those hosted by the firm’s own cloud service.
The hackers were able to automatically forward Bitcoin to their wallets every time a customer sent coins to the ATMs, resulting in an undisclosed amount of crypto being stolen.
“The attacker accessed the CAS interface and renamed the default admin user to ‘gb.’
The attacker modified the crypto settings of two-way machines with his wallet settings and the ‘invalid payment address’ setting.
Two-way ATMs started to forward coins to the attacker’s wallet when customers sent coins to ATM.”
According to the advisory, General Bytes is releasing updates to correct the problem but is warning customers not to use the ATMs until the vulnerabilities are fixed.
Nepraleisk ritmo - Prenumeruok kad kriptografiniai el. pašto įspėjimai būtų pristatyti tiesiai į jūsų gautuosius
Tikrinti Kaina veiksmų
Sekite mus Twitter, Facebook ir Telegram
Surf „Daily Hodl Mix“
Atsisakymas: „The Daily Hodl“ išsakytos nuomonės nėra patarimas dėl investavimo. Investuotojai turėtų atlikti deramą patikrinimą prieš imdamiesi bet kokių didelės rizikos investicijų į „Bitcoin“, kriptovaliutą ar skaitmeninį turtą. Informuojame, kad už savo pervedimus ir sandorius esate atsakingi patys, o už visus nuostolius, kuriuos galite patirti, esate atsakingas jūs. „Daily Hodl“ nerekomenduoja pirkti ar parduoti jokios kriptovaliutos ar skaitmeninio turto, taip pat „The Daily Hodl“ nėra patarėjas dėl investavimo. Atkreipkite dėmesį, kad „The Daily Hodl“ dalyvauja filialų rinkodaroje.
Featured Image: Shutterstock/Alexander Geiger
Source: https://dailyhodl.com/2022/08/22/bitcoin-atm-company-targeted-by-hackers-exploiting-zero-day-bug-report/