Bitcoin ATMs hijacked by mystery threat actor


A cryptocurrency ATM manufacturer has been hacked by an unknown party in what could be a reprisal for its declared support for Ukraine against the Russian invasion.

The attacker was able to remotely create an admin user account and use it to hijack “two-way ATMs” operated by General Bytes, which convert crypto to cash and vice versa, forcing them to intercept legitimate transactions by other customers and reroute the money to the attacker’s own account.

General Bytes has issued a security patch for the vulnerability – a bug that hackers can use to illegally access a target machine – and warned its customers not to use their ATMs until they have run the update.

The ATM manufacturer, which services cryptocurrency users worldwide in 40 denominations, claims the unknown attacker did not gain access to its database, host operating system and file system, or any passwords or private keys.

It has deactivated the ATMs and asked all users to reset passwords, modify and upgrade their servers and firewalls, and review access permissions before using its terminals again.

“The attacker was able to create an admin user remotely [...] via a URL call on the page that is used for the default installation on the server,” said General Bytes.

The attacker then modified the two-way machines' configuration, using the attacker’s own wallet and the “invalid payment address” settings, so that the machines forwarded funds to the attacker’s wallet when customers sent cryptocurrency to an ATM.

Earlier this month, General Bytes updated a statement on its website expressing support for Ukraine and giving its customers the option to transfer funds directly to the war-torn country.

“General Bytes stands with Ukraine and opposes the Russian invasion into that sovereign nation,” it said. “If you agree with this political statement, we’ve made it possible for you to aid Ukraine directly yourself.”