OP 21 March, 2023 - 04:36 PM
The Bitcoin ATMs of General Bytes got hacked with a zero-day, and the hackers took $1.5M. Pretty crazy find and story.
Source: https://www.bleepingcomputer.com/news/se...5m-stolen/
Quote:Leading Bitcoin ATM maker General Bytes disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform.
General Bytes makes Bitcoin ATMs allowing people to purchase or sell over 40 cryptocurrencies. Customers can deploy their ATMs using standalone management servers or General Bytes cloud service.
Over the weekend, the company disclosed that hackers exploited a zero-day vulnerability tracked as BATM-4780 to remotely uploaded a Java application via ATM's master service interface and run it with 'batm' user privileges.
"The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider)," General Bytes explained in a security incident disclosure.
The company took to Twitter to urge customers to "take immediate action" and install the latest updates to protect their servers and funds from attackers.
Source: https://www.bleepingcomputer.com/news/se...5m-stolen/
