In a zero-day attack, attackers have compromised Bitcoin ATMs manufactured by General Bytes. The ATM’s software was hacked so as to transfer funds to the hackers’ wallets instead.
There’s still no information in regard to the amount that was stolen or the number of hit ATMs. General Bytes has since patched the fix, while warning operators to urgently update the software.
According to General Bytes’ security team, the attackers gained access to the company’s Crypto Application Server. From there, they managed to create a new admin user and modify the ATMs’ settings. General Bytes claims that several audits have been conducted since 2020, with none of them identifying the vulnerability which lead to the hack.
General Bytes owns and operates 8827 Bitcoin ATMs, found in more than 120 countries. Hopefully, only a small portion of their overall amount was exploited.