A hacker plundered at least $1.5 million from cryptocurrency ATMs by exploiting a newly discovered software vulnerability.
The heist hit cryptocurrency ATM provider General Bytes over the weekend and caused it to suffer security breaches on the company’s cloud services and servers. “The attacker identified a security vulnerability in the master service interface used by Bitcoin ATMs to upload videos to the server,” General Bytes said in a report disclosing the breach.
The company has been vague on the exact nature of the vulnerability. But the problem involves the crypto application servers (CAS services) for General Bytes, which can allow a client to manage their Bitcoin ATMs from a central location.
The hacker was able to scan the internet and identify the CAS services on cloud hosting provider DigitalOcean. The culprit then exploited the vulnerability to upload a malicious Java app to the application servers, giving them access to the ATMs' cryptocurrency funds, along with the ability to shut off the two-factor authentication.
“As a result, the attacker could send funds from hot wallets, and at least 56 Bitcoins (or about $1.59 million) were stolen before we could release the patch,” General Bytes said. In addition, the hacker used numerous addresses for other cryptocurrencies, which suggests they may have stolen a variety of tokens.
The hack was so bad the company shut down its cloud service. General Bytes is also urging customers to pull the plug on their CAS servers as soon as possible and install the patches. “Consider all your 1) user’s CAS passwords, and 2) API keys to exchanges and hot wallets to have been compromised and leaked,” it's telling clients, even if