Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs

  /     /     /  
Publicated : 23/11/2024   Category : security


Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs


After its second cyberattack in under a year, General Bytes urges customers to up the security on their personal accounts to prevent losses from hackers.



Over St. Patricks Day weekend, unidentified hackers stole more than $1.6 million in cryptocurrency from Bitcoin ATMs owned by General Bytes.
In what the ATM owner called a security incident of the highest severity, threat actors were able to exploit a zero-day flaw by uploading his own java application remotely via the master service interface used by terminals to upload videos, and run it using batm user privileges, the
advisory released by General Bytes stated
.
Once the attackers were able to accomplish this, they secured access to the database, where they were able to read and decrypt API keys used to access funds in hot wallets and exchanges, send funds from hot wallets, and download usernames, password hashes as well as turn off the two-factor authentication (2FA) feature. 
This
cryptocurrency-related breach
is the second aimed at General Bytes in under a year, the last of which occurred less than a year ago, in August.
Though the company has stated that it has run multiple security audits since 2021, this was a vulnerability that was never caught. General Bytes advises its terminal operator customers to keep their servers behind firewalls and VPNs, as well as assume that the passwords and API keys to exchanges and hot wallets used by end users are compromised — and should be changed accordingly.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs