A zero-day vulnerability in General Bytes Bitcoin ATMs’ software allowed perpetrators to steal roughly $1.6 million worth of assets from hot wallets in a high-profile crypto heist.
The attackers reportedly leveraged a flaw in the terminals’ master service interface to upload a rogue Java application remotely. Although the company did not disclose the exact amount of crypto assets stolen by the threat actors, on-chain analysis tools reveal that 56.283 BTC, 21.823 ETH, and 1,219.183 LTC, worth over $1.6 million, went missing.
According to General Bytes’ security advisory, the attacker “scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider).”
The exploit granted threat actors several privileges on the compromised systems, including:
“Using this security vulnerability, (the) attacker uploaded his own application directly to (the) application server used by (the) admin interface,” according to the advisory. The “application server was by default configured to start applications in its deployment folder.”
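The weak point the advisory describes is an application server that starts whatever lands in its deployment folder. One defensive check an operator can run is to audit that folder against an allowlist of known-good artifacts. This is an added example, not code from the article or from General Bytes; the folder layout, file names and allowlist are constructed here, and the real deployment path of a CAS install is not something this article gives.

```python
import hashlib
import tempfile
import time
from pathlib import Path

# Archive types an auto-deploying Java application server picks up and starts.
DEPLOYABLE_SUFFIXES = {".jar", ".war", ".ear"}


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large archives are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_deploy_dir(deploy_dir: Path, allowlist: dict, max_age_s: int = 86400) -> list:
    """Report every deployable artifact that is not on the allowlist.

    allowlist maps file name -> expected SHA-256. An unknown artifact, or a
    known name whose hash changed, is a finding; a recent write is noted too,
    since an unexpected fresh deployment is the pattern in the advisory.
    Returns a list of (file name, reason, sha256) tuples.
    """
    findings = []
    now = time.time()
    for entry in sorted(deploy_dir.iterdir()):
        if entry.suffix.lower() not in DEPLOYABLE_SUFFIXES:
            continue  # e.g. README or config files are not auto-started
        digest = sha256_of(entry)
        expected = allowlist.get(entry.name)
        if expected == digest:
            continue  # exactly the artifact the operator deployed
        reason = "unknown artifact" if expected is None else "hash mismatch"
        if now - entry.stat().st_mtime < max_age_s:
            reason += ", written within the last 24h"
        findings.append((entry.name, reason, digest))
    return findings


def demo() -> list:
    """Constructed deploy folder: one approved app, one rogue upload, one non-archive."""
    d = Path(tempfile.mkdtemp())  # hypothetical deployment directory
    (d / "admin.war").write_bytes(b"approved admin application")
    (d / "rogue.jar").write_bytes(b"unexpected upload")
    (d / "README.txt").write_bytes(b"not deployable, ignored")
    allowlist = {"admin.war": sha256_of(d / "admin.war")}
    return audit_deploy_dir(d, allowlist)
```

Run `demo()` to see the rogue archive reported while the approved one passes; in production the allowlist would be generated at deploy time and stored off the server.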
Although the company says it has run several security audits since 2021, the vulnerability escaped detection in all of them. General Bytes included an extensive list of crypto addresses and a few IP addresses the attacker used.
The report includes detailed information to help operators establish whether their server was breached, as well as a series of mitigation recommendations. General Bytes urges operators who doubt they’ve been breached to take several measures, including:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.