General Bytes Bitcoin ATM Breached by Unknown Hacker

Hackers posed as default administrators in a bid to defraud General Bytes Bitcoin (BTC) ATM users of their funds. The breach happened while users were trying to perform deposit transactions. The attacker modified the crypto settings of two-way machines to use his own wallet settings, and also changed the invalid payment address setting.

Describing how the attack occurred, the advisory stated, “The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user. This vulnerability has been present in CAS software since version 20201208.”

Once these settings were changed, the coins that customers deposited went to the hacker’s wallet instead.

So far, neither the number of servers breached nor the amount of cryptocurrency stolen has been disclosed. Based on feedback from ATM operators, the firm has tentatively put the total damage at $16,000.

General Bytes Assures Users of Data Safety

According to the advisory, the host operating system was not compromised, and the hacker could not gain access to the host file system or the database.

In particular, General Bytes assured the public that passwords, password hashes, salts, private keys and API keys are safe, stating that the hacker had no access to them. Notably, the attack took place only three days after the ‘Help Ukraine’ feature was listed on crypto ATMs.

The case has been reported to the Czech Republic police. General Bytes rates the attack as highest severity and has provided users with steps for a security fix to prevent further breaches.

Another crypto firm recently targeted by bad actors is Curve.Finance, a decentralized finance (DeFi) liquidity protocol giant. According to the report, approximately $570,000 in Ethereum (ETH) was stolen from its platform. The hackers carried out the scheme by cloning the Curve site.

Specifically, the hackers targeted the domain name system (DNS) so that the domain pointed to their own IP address, which hosted the cloned site. They then requested approvals, which users authorized, draining their funds.
