Bitcoin ATMs were one of the first steps toward integrating crypto into everyday life. While these machines make it easier to access your crypto funds, they come with downsides: some Bitcoin ATMs carry major security risks.
Recent reports of a huge hack in Europe have many experts concerned.
General Bytes Reports Massive ATM Theft
General Bytes is one of the leading providers of Bitcoin ATMs. The Prague-based company has ATMs in over 120 countries, so they handle a lot of major Bitcoin transactions each day. In August, General Bytes shocked the crypto community by announcing that they had been hacked.
Their press release explained that hackers had managed to locate and exploit a security hole in the Crypto Application Server (CAS) that General Bytes uses to handle transactions. At the time of their announcement, over $16,000 worth of customer assets had been stolen. The situation is still ongoing, so further reports of losses may occur. Though General Bytes did report the theft to the Czech police, the hackers are still at large.
Hackers Used Zero-Day Bug to Access Funds
How were hackers able to make off with thousands of dollars from a reputable ATM system? They used a type of hack called a “zero-day” exploit. This means that they were able to exploit a software flaw before General Bytes had time to fix it. In the case of the General Bytes hack, the scammers were able to take advantage of the flaw before the company was even aware of it. It is currently unknown if this flaw was always present or if it showed up right after General Bytes launched their “Help Ukraine” feature.
The thieves started their hack by using a URL call workaround to log in as an initial admin user. From there, they were able to identify vulnerable ports that CAS services were running on. The hackers then managed to use these ports to set themselves up as the default admin user. This gave them the ability to alter settings for several crypto ATMs.
The attacker altered settings so that invalid payments would be sent to the thieves’ crypto wallet address. This means that any time a person did something to trigger an invalid payment warning on the machine, all related funds were sent to the hackers. Since the payment was marked as invalid, no payment confirmations were necessary, so most users had no clue that their money was stolen.
ATM Users Need to Check Their Accounts
General Bytes says that they promptly identified and resolved the vulnerability that the hackers exploited. However, months after the hack, customers were still reporting losses. The hack is ongoing because patching the systems takes a little effort. Due to the way General Bytes’ ATMs are set up, the company cannot roll out a patch for all ATMs simultaneously.
Instead, the owners of each ATM need to update the machine individually. General Bytes has released new patches that all ATM operators must download. They also need to reset all user passwords, verify all firewall settings, delete any unrecognized terminals, revoke any unauthorized admin permissions, and review the admin logs.
Furthermore, General Bytes has also recommended that all customers take the time to look over their crypto settings. Though unlikely, it is possible that the hackers were able to modify some individual user accounts so that the “Sell Crypto” setting would route funds to the hackers’ wallets.
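One way an operator could carry out the review steps above, shown as an added example that is not General Bytes code: it compares the server's current admins, terminals and payout addresses with a known-good baseline. The data layout, field names and all values are hypothetical and constructed for illustration; they do not reflect the real CAS schema.

```python
# Constructed sample data. All field names and values are hypothetical and
# do not reflect the real CAS schema or any General Bytes export format.
BASELINE = {
    "admins": {"alice", "bob"},
    "terminals": {"TERM-001", "TERM-002"},
    "wallets": {"OPERATOR-WALLET-PLACEHOLDER"},
}

CURRENT = {
    "admins": ["alice", "bob", "admin2"],
    "terminals": [
        {"serial": "TERM-001",
         "invalid_payment_address": "OPERATOR-WALLET-PLACEHOLDER",
         "sell_address": "OPERATOR-WALLET-PLACEHOLDER"},
        {"serial": "TERM-002",
         "invalid_payment_address": "UNKNOWN-WALLET-PLACEHOLDER",
         "sell_address": "OPERATOR-WALLET-PLACEHOLDER"},
        {"serial": "TERM-999",
         "invalid_payment_address": "",
         "sell_address": "OPERATOR-WALLET-PLACEHOLDER"},
    ],
}

# Settings that decide where funds are sent, per the incident description.
ADDRESS_FIELDS = ("invalid_payment_address", "sell_address")


def audit(current, baseline):
    """Return sorted (category, subject, detail) findings for every deviation."""
    findings = []
    for name in current["admins"]:
        if name not in baseline["admins"]:
            findings.append(("unauthorized_admin", name, "not in baseline"))
    for term in current["terminals"]:
        serial = term["serial"]
        if serial not in baseline["terminals"]:
            findings.append(("unrecognized_terminal", serial, "not in baseline"))
        for field in ADDRESS_FIELDS:
            addr = term.get(field, "")
            # An empty field is treated as "feature not configured", not a finding.
            if addr and addr not in baseline["wallets"]:
                findings.append(("foreign_wallet", serial, f"{field}={addr}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, subject, detail in audit(CURRENT, BASELINE):
        print(f"{category:22} {subject:10} {detail}")
```

The baseline only helps if it was recorded before the compromise and is stored somewhere the server's admin accounts cannot change.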
Crypto Hacks Continue to Cause Problems for Customers and Companies
The General Bytes ATM hack is just the latest in a long line of crypto hacks. According to the FBI, cryptocurrency fraud has resulted in over $42 million in losses in less than a year. Since crypto transactions are often untraceable, crypto applications are very appealing to thieves and hackers.