Bitcoin ATM Bug Lets Thieves Divert Crypto Withdrawals

A security vulnerability has been revealed in a number of Bitcoin ATMs that has allowed cybercriminals to steal valuable tokens from users.

In an announcement, General Bytes, the manufacturer of the ATMs in question, said unknown attackers discovered a zero-day vulnerability in the devices and used it to steal cryptocurrency from user accounts.

As the company explained, these ATMs are controlled by a remote cryptographic application server (CAS), and whoever was behind the theft found a hole in the CAS.

"The attacker was able to create an administrator user remotely through the CAS administration interface via a URL call to the page used for the default installation on the server and create the first administrator user," General Bytes stated. "This vulnerability has been present in CAS software since version 20201208."

Diverting the coins

After that, whenever someone tried to deposit or withdraw crypto using the ATM, the funds were simply diverted to a wallet belonging to the hackers.

"Two-way ATMs began transferring coins to the attacker's wallet when customers sent coins to an ATM," the company explained.

The company was notified by a user whose funds had been stolen. It is not clear how many people were affected by the flaw or how much cryptocurrency the thieves managed to steal.

Since then, however, a patch has been released. The company has updated CAS to versions 20220531.38 and 20220725.22 and urged ATM service providers to take the devices out of service until they apply the fix. Most of the unpatched devices, about two dozen of them, are reportedly in Canada.
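As an added example (not code from General Bytes or from the reporting), the following inventory check sorts CAS version strings against the affected and fixed versions named above. The `release.build` comparison rule, the status labels and the sample inventory are assumptions made for illustration.

```python
import re

# Version numbers come from the article; the comparison rules are assumptions.
FIRST_VULNERABLE = 20201208                   # flaw present "since version 20201208"
FIXED_BUILDS = {20220531: 38, 20220725: 22}   # release -> first fixed build

_VERSION_RE = re.compile(r"^(\d{8})(?:\.(\d+))?$")


def parse_version(text):
    """Split 'YYYYMMDD.build' into (release, build); build defaults to 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised CAS version: {text!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def classify(text):
    """Return 'not-affected', 'vulnerable', 'patched' or 'unknown'."""
    try:
        release, build = parse_version(text)
    except ValueError:
        return "unknown"
    if release < FIRST_VULNERABLE:
        return "not-affected"
    if release in FIXED_BUILDS:
        return "patched" if build >= FIXED_BUILDS[release] else "vulnerable"
    if release > max(FIXED_BUILDS):
        # Newer than anything the article names: confirm with the vendor.
        return "unknown"
    # Inside the affected range with no fix named for this release.
    return "vulnerable"


def audit(inventory):
    """Group host names by status so unpatched servers stand out."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "cas-a": "20220531.38",
    "cas-b": "20220725.21",
    "cas-c": "20210902.4",
    "cas-d": "20201101.7",
    "cas-e": "not-reported",
}

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `vulnerable` or `unknown` are the ones to keep out of service until their version is confirmed.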

Also, as BleepingComputer reported, the attack would not have been possible in the first place if the servers had been protected by a firewall configured to allow only trusted IP addresses to establish a connection.

Via BleepingComputer