Attackers hit Bitcoin ATMs to steal $1.5 million in cryptocurrency • The Register


Unidentified criminals have obtained more than $1.5 million worth of cryptocurrency from Bitcoin ATMs by exploiting an unknown flaw in digicash delivery systems.

According to General Bytes, the outfit that sold the ATMs and had managed some of them with a cloud service, the attackers used an interface designed to upload videos to instead inject a malicious Java application, then subverted ATM user privileges.

They siphoned at least 56 Bitcoins — roughly $1.5 million at the time of publication — from crypto wallets. General Bytes issued an update 15 hours after discovering the intrusion, but by then the digital coins were gone, leaving an unknown number of victims on the hook for the lost money.

“The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients get back online and continue to operate their ATMs as soon as possible,” General Bytes explained in a statement.

General Bytes notified companies that purchased its ATMs to shut down their systems. The provider, headquartered in Prague with a US office in Bradenton, Florida, sells and operates five different models of crypto ATMs.

People use them to exchange Bitcoin and other currencies. In all, General Bytes says it has sold more than 15,000 terminals in 149 countries that support more than 180 currencies. The systems have executed more than 15.2 million transactions.

The attack

Companies that buy the ATMs connect them to a crypto application server (CAS), managed either by the customer themselves or – until now – by General Bytes through the cloud service provider DigitalOcean.


In the breach over the weekend, the attackers exploited a vulnerability that had gone undetected despite multiple security audits since 2021. The bad guys scanned DigitalOcean’s IP address space and found CAS services listening on port 7741 – including General Bytes’ own cloud service and other customers that run their ATMs on DigitalOcean.

“Using this vulnerability, the attacker uploaded his application directly to the application server used by the admin interface,” the chastened ATM vendor wrote. “The application server was configured by default to launch applications in the distribution folder.”
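As an added illustration that is not General Bytes’ code (the CAS internals are not shown on this page), the following hypothetical Python upload handler shows the two defensive checks the described flaw lacked: it accepts a “video” upload only when the bytes carry a permitted container signature, and it writes the file under a media directory with a server-chosen name and no execute bit, never into a folder the application server launches applications from. The signature table, directory layout and sample inputs are assumptions.

```python
import os
import tempfile
import uuid

# Assumed allow-list of container signatures this endpoint is meant to accept.
VIDEO_SIGNATURES = {
    "mp4": (4, b"ftyp"),               # ISO BMFF: 'ftyp' box starts at offset 4
    "webm": (0, b"\x1a\x45\xdf\xa3"),  # EBML header
}
ZIP_MAGIC = b"PK\x03\x04"  # JAR/WAR files are ZIP archives; no video starts this way


def validate_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Decide on content, never on the client-supplied name."""
    if data.startswith(ZIP_MAGIC):
        return False, "archive (JAR/ZIP) where a video was expected"
    for kind, (offset, sig) in VIDEO_SIGNATURES.items():
        if data[offset:offset + len(sig)] == sig:
            return True, kind
    return False, "unrecognised container"


def store_video_upload(data: bytes, media_dir: str) -> str:
    """Write an accepted upload under media_dir with a server-chosen name and no execute
    bit. media_dir must not be a folder the app server scans for deployable applications."""
    accepted, detail = validate_upload(data)
    if not accepted:
        raise ValueError(f"upload rejected: {detail}")
    path = os.path.join(media_dir, f"{uuid.uuid4().hex}.{detail}")
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o640)
    return path


# Constructed sample inputs: a minimal MP4 'ftyp' box and a ZIP/JAR local-file header.
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00mp42isom"
SAMPLE_JAR = b"PK\x03\x04\x14\x00\x08\x08\x08\x00META-INF/MANIFEST.MF"


def run_demo() -> dict:
    """Store the MP4 in a scratch media directory and show the JAR being refused."""
    media_dir = tempfile.mkdtemp(prefix="media_")
    stored = store_video_upload(SAMPLE_MP4, media_dir)
    try:
        store_video_upload(SAMPLE_JAR, media_dir)
        jar_rejected = False
    except ValueError:
        jar_rejected = True
    return {"stored_ext": os.path.splitext(stored)[1], "mode": oct(os.stat(stored).st_mode & 0o777),
            "jar_rejected": jar_rejected, "files_in_media_dir": len(os.listdir(media_dir))}
```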

The criminals accessed the database, read and decrypted API keys for exchanges and hot wallets, and siphoned digital coins from the wallets. They could also download username and password hashes, turn off multi-factor authentication, access terminal event logs and search for instances where users had scanned private keys on the terminals.

This is the second such attack on General Bytes, which had digital coins stolen in August 2022 by miscreants exploiting a flaw in CAS.

The problem with hot wallets

Hot wallets pose a particular problem in the high-risk crypto market. Wallets would be safer if disconnected from the internet, but users rely on them for quick transactions, which requires connectivity.

“The whole purpose of hot wallets is to provide an immediate opportunity to transact,” John Bambenek, principal threat hunter at cybersecurity firm Netenrich, told The Register. “That being said, the security of any wallet is tied to the security of the private key. If someone gets it – which can be copied – it’s game over. All the layers of fraud protection don’t and can’t apply to crypto.”


General Bytes said it is shutting down its cloud services, noting that it is “theoretically (and practically) impossible to secure a system that allows access to multiple operators at the same time where some of them are bad actors.”

All customers will now manage their own terminals using their own servers. General Bytes will help businesses migrate their data from the cloud to their standalone servers. It also encourages customers to keep their CAS behind a firewall and VPN to prevent other attackers from accessing them via the internet.

They should also assume that all users’ passwords and API keys to exchanges and hot wallets have been compromised.

The Register has asked General Bytes for further comment and will update if more information comes in.

Crypto theft is big business and only getting bigger. According to blockchain biz Chainalysis, $3.8 billion in digital coins was stolen in 2022, compared to $500 million two years earlier. Mike Parkin, senior technical evangelist with risk remediation provider Vulcan Cyber, said there’s only one way to truly reduce the risk associated with cryptocurrency: Get out of it altogether.

“It may not be the answer people want to hear, but crypto remains immature, volatile, unregulated and subject to new and creative cybercriminal attacks,” Parkin told The Register. “Do you really want your money in this space?” ®
