A hacker has stolen money from people sending crypto currency to ATMs. This reportedly involved deposits to General Bytes ATMs.
https://twitter.com/RevoluzionToken/status/1561619555218251776
Bitcoin ATM
The hacker managed to modify the settings of devices with the settings of his own wallet. This allowed him to display an invalid payment address on the screen. This address did not belong to the ATM operator, so the money ended up in the hacker's hands. A statement reads as follows:
"The attacker was able to remotely create an admin user through the CAS management interface. He reached the page used for the default installation on the server via a URL call. This is also where the first admin user is created."
Bleeping Computer brought the news the day before yesterday and the company itself has also provided clarity.
Here you can read the Patch-release with a bit more background information.
Solution
Of course, General Bytes has started working on a solution. They say they have done several audits since 2020, but this problem had not come to light.
The attack took place three days after a new feature was placed in the ATM. The ATM had added a "Help Ukraine" function to the device.
It is not known how many customers were victims of the problem and how much bitcoin was captured.
Perhaps most importantly, the hacker did not gain access to the private keys of depositors. The rest of everyone's bitcoin holdings are safe. Passwords and other data are also safe.
Currently there are (reportedly) a total of 21 bitcoin ATMs in the Netherlands. The United States is the leader with over 34,000 ATMs, followed by Canada with 2550 ATMs and Spain with 255 ATMs.
https://www.indexuniverse.eu/hackers-of-bitcoin-atms-could-secretly-change-addresses/
Comments
Post a Comment