Tuesday, July 1, 2025

Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs

Bitcoin ATM maker General Bytes had its servers compromised in a zero-day attack on August 18th. This allowed the hackers to make themselves the default administrator and change the settings so that all funds were transferred to their wallet address.

The amount of stolen funds and number of compromised ATMs were not disclosed, but the company urgently advises ATM operators to update their software.

General Bytes, which owns and operates 8,827 Bitcoin ATMs accessible in over 120 countries, confirmed the hack on August 18. The company is headquartered in Prague, Czech Republic, where it also manufactures the ATMs. ATM customers can buy and sell over 40 coins.

This vulnerability has existed since a hacker patch updated the CAS software to version 20201208 on August 18th.

General Bytes is urging customers running 20220531 to refrain from using General Bytes ATM servers until they update their servers to patch releases 20220725.22 and 20220531.38.


The company also recommends that customers modify their server's firewall settings so that the CAS management interface is accessible only from authorized IP addresses.

General Bytes also asked customers, before reactivating the device, to check their SELL Crypto Setting to ensure that the hacker had not changed the settings so that received funds would be transferred to the hacker (and not the customer).

General Bytes says it has conducted several security audits since its inception in 2020, but none have identified the vulnerability.

How the attack was carried out

General Bytes’ security advisory team said in a blog that hackers launched a zero-day exploit to gain access to the company’s Crypto Application Server (CAS) and withdraw funds.

A CAS server manages the overall operation of the ATM. This includes executing cryptocurrency purchases and sales on exchanges and determining which coins are supported.


The company believes the hackers “scanned public-facing servers running on TCP ports 7777 or 443, including servers hosted on General Bytes’ own cloud service.”

From there, the hacker added himself to CAS as a default administrator named “gb” and changed the “buy” and “sell” settings so that crypto received at the Bitcoin ATM was instead forwarded to the hacker’s wallet address.

“An attacker was able to remotely create an administrative user through the CAS administration interface via a default installation on the server and a URL call to the page used to create the initial administrative user.”
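The firewall recommendation above can be checked mechanically. The following is an added example, not code from General Bytes: a Python lint over `iptables-save` output that flags ACCEPT rules opening TCP 7777 or 443 (the ports named in the article) to sources outside an allowlist. It assumes an iptables host firewall; the function names, the allowlisted address and the sample rules are constructed for illustration.

```python
import ipaddress
import shlex

CAS_PORTS = {7777, 443}  # TCP ports the article says the attackers scanned for

def opt(tokens, flag):  # value following `flag` in a tokenized rule, or None
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def rule_ports(tokens):
    """Destination ports matched via --dport or multiport --dports."""
    ports = set()
    for spec in filter(None, (opt(tokens, "--dport"), opt(tokens, "--dports"))):
        for part in spec.split(","):
            lo, _, hi = part.partition(":")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(ruleset, allowed):
    """Return (rule, reason) for INPUT ACCEPT rules opening a CAS port to a source
    outside `allowed`. Lint only: rule order and default policy are not evaluated."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if (tokens[:2] != ["-A", "INPUT"] or opt(tokens, "-j") != "ACCEPT"
                or opt(tokens, "-p") != "tcp" or not rule_ports(tokens) & CAS_PORTS):
            continue
        src = opt(tokens, "-s")
        if src is None:
            findings.append((line, "any source"))
        elif tokens[tokens.index("-s") - 1] == "!":
            findings.append((line, "negated source match"))
        else:
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.version == n.version and net.subnet_of(n) for n in nets):
                findings.append((line, "source not in allowlist"))
    return findings

# Constructed sample in iptables-save format (addresses are documentation ranges).
SAMPLE = """\
:INPUT DROP [0:0]
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 7777 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,7777 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT ! -s 198.51.100.7/32 -p tcp -m tcp --dport 7777 -j ACCEPT
"""

if __name__ == "__main__":
    print(*audit(SAMPLE, ["198.51.100.7/32"]), sep="\n")
```

A clean result does not prove the interface is unreachable, since earlier rules, rules without a port match and the chain policy are outside what this lint reads; confirm from a host that is not on the allowlist as well.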