The Bitcoin ATM manufacturer General Bytes has suffered a setback after hackers attacked one of its servers, exploiting a zero-day vulnerability. Through the CAS administrator interface, the attacker was able to remotely create an admin user and steal funds from investors by using their wallet addresses as a sham.
The admin interface contained a security flaw that the hacker was able to find. Additionally, the business deactivated 2-way BATMs on the GB Cloud as a security measure.
According to General Bytes' updates, the hacker remotely generated the initial administration user and an admin user, using the CAS administrative portal and a URL call on the page used for the computer's default configuration.
Particularly noteworthy are the company's General Bytes Cloud service and other GB ATM operators who run their servers on Digital Ocean, a suggested cloud hosting provider.
The hacker modified the two-way machines' crypto settings with his own wallet settings, along with the invalid payment address setting. After this, when users deposited coins into two-way ATMs, the attacker's wallet began to receive them.
Additionally, according to General Bytes, the attacker was unable to access the host operating system, database, passwords, etc.
Investors have been urged by General Bytes to refrain from using the GB ATM server until the following fix has been put in place.
According to the Cardano blockchain platform, the Tornado Cash mixer, which hides the sources and destinations of cryptocurrency transactions, was added to the list of people and organizations prohibited from breaking sanctions.