On August 18, unknown hackers broke into the cryptographic settings of General Bytes bitcoin ATMs, which allowed them to transfer cryptocurrencies deposited via the devices to their own wallets. The incident was confirmed by company officials.
General Bytes’ security advisory group said hackers carried out a zero-day attack to gain access to the company’s cryptographic application server (CAS) and steal funds.
The CAS server manages all ATM transactions, including buying and selling cryptocurrencies on exchanges.
According to experts, the hackers “scanned open servers running on TCP ports 7777 or 443, including those hosted on the General Bytes cloud service.”
From there, the hackers added themselves to the CAS as the default administrator, named gb. They then changed the “buy” and “sell” settings so that any cryptocurrency received by the Bitcoin ATM would go to their wallets.
The attackers made a change to software version 20201208 dated August 18. General Bytes urged its customers to avoid using their ATMs until a fix is released.
Users were also advised to change their server firewall settings to allow access to the CAS admin interface only from authorized IP addresses.
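The firewall advice above can be checked mechanically. The following is an added example, not code from General Bytes or from this article: it models a simplified subset of `iptables -S INPUT` output and reports whether ports 7777 and 443 accept a new connection from an address outside the allowlist. Both rulesets and all IP ranges (documentation ranges) are constructed for illustration.

```python
import ipaddress
import shlex

ADMIN_PORTS = (443, 7777)  # CAS ports named in the article

# Constructed `iptables -S INPUT` output: admin ports open to any source.
WEAK = """\
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,7777 -j ACCEPT
"""
# Constructed hardened ruleset; 198.51.100.0/24 stands in for the operator's
# authorized addresses (assumption, documentation range).
HARDENED = """\
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 443,7777 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,7777 -j DROP
"""

def port_in(spec: str, port: int) -> bool:
    """True if port falls in a --dport/--dports spec such as '443,7000:8000'."""
    parts = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in parts)

def verdict(rules: str, src: str, port: int) -> str:
    """First-match verdict for a NEW inbound TCP connection (no '!' or chain jumps)."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs
        ports = opt.get("--dports") or opt.get("--dport")
        if (opt.get("-p", "tcp") not in ("tcp", "all")
                or ("-s" in opt and ipaddress.ip_address(src)
                    not in ipaddress.ip_network(opt["-s"], strict=False))
                or (ports and not port_in(ports, port))
                or ("--ctstate" in opt and "NEW" not in opt["--ctstate"].split(","))):
            continue  # rule does not match this packet
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]
    return policy

def exposed_admin_ports(rules: str, outsider: str = "203.0.113.77") -> list:
    """Admin ports that accept a connection from a non-allowlisted address."""
    return [p for p in ADMIN_PORTS if verdict(rules, outsider, p) == "ACCEPT"]
```

An empty result from `exposed_admin_ports` means a source outside the allowlist cannot open a new connection to either port under the modelled rules.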
General Bytes added that previous security checks did not reveal this vulnerability.
The company did not specify the number of compromised ATMs, the amount of stolen cryptocurrencies, or the number of potential victims.
General Bytes owns and operates 8,827 bitcoin ATMs in over 120 countries. The company headquarters are located in Prague, Czech Republic. ATM customers can buy or sell more than 40 coins.
Recall that in November 2021, the FBI recorded an increase in fraud using cryptocurrency ATMs. According to US law enforcement, the attackers search for victims over the Internet and, on various pretexts, demand that they transfer money through a cryptocurrency ATM using a QR code tied to the attackers' wallets.