Hackers reportedly steal 56 bitcoins from ATMs

Hackers reportedly steal 56 bitcoins from ATMs. Bitcoin ATMs were rightly drained after a zero-day bug was exploited by hackers.

Hackers reportedly steal 56 bitcoins from ATMs

Hackers Reportedly Steal 56 Bitcoins from ATMs

Unknown hackers have now managed to steal $1.5 million worth of bitcoin from specialized ATMs designed to distribute cryptocurrency easily. And the worst part of it all is that the stolen funds in question belonged to the customers of ATMs partially, also. And according to the report, the ATMs work by letting customers to connect it to a crypto application service (CAS) managed by them or the company. However, the ATM also let customers upload videos from the terminal to the CAS which apparently is where the bug was hiding.

An unknown, zero-day vulnerability, prior to this allowed the threat actors to upload and run a malicious Java application and used it to drain the CASes that are operated by both the company and its customers.

General Bytes Has Addressed the Issue

The company behind the ATMs, General Bytes addressed the issue 15 hours after it was alerted to the flaw. However, the only way to get the stolen funds back is to have the police locate and arrest the perpetrators, and then confiscate and return the stolen cryptocurrency which as you should know is easier said than done.

“The night of 17-18 March was the most challenging time for us and some of our clients. The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible,” the company in a statement said.
“We apologize for what happened and will review all our security procedures and are currently doing everything we can to keep our affected customers afloat.”

How the Attackers Carried Out the Operation

And by uploading and running the malware, the attacker got access to the database of the ATMs, was then allowed to read and decrypt encoded API keys that are needed to get access to the funds, and finally managed to withdraw the crypto to a separate and different wallet. The attacker’s furthermore managed to download both usernames and password hashes, turn off multi-factor authentication (MFA), and got access to terminal event logs in a bid to scan for customer private keys.

General Bytes Going Forward

One of the things General Bytes is changing at the moment, going forward, is that it will no longer manage CASes for its customers as they will now have to do so themselves in the event they decide to stick around at all.



Please enter your comment!
Please enter your name here