1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Bitcoin ATMs drained after hackers exploit zero-day bug

    From TechnologyDaily@1337:1/100 to All on Wed Mar 22 20:30:03 2023
    Bitcoin ATMs drained after hackers exploit zero-day bug

    Date:
    Wed, 22 Mar 2023 20:15:09 +0000

    Description:
    Hackers stole 56 bitcoin, worth around $1.5 million, by targeting ATM flaws.

    FULL STORY ======================================================================

    Unknown hackers have managed to steal 56 bitcoin, worth approximately $1.5 million, from specialized ATMs designed to distribute cryptocurrency, The worst part is - the stolen funds partially belonged to the ATMs customers, as well.

    According to the report, the ATMs work by allowing customers to connect it to a crypto application service (CAS) either they, or the company, manages. However, the ATM also allowed customers to upload videos from the terminal to the CAS - which is apparently where the bug was hiding.

    A previously unknown, zero-day vulnerability, allowed the threat actors to upload and run a malicious Java application, and use it to drain the CASes operated by both the company, and its customers. Keeping customers afloat

    General Bytes, the company behind the ATMs, addressed the issue 15 hours
    after being alerted to the flaw. However, the only way to get the funds back is to have the police find and arrest the perpetrators, then confiscate and return the stolen cryptocurrency - which is obviously easier said than done.

    The night of 17-18 March was the most challenging time for us and some of our clients. The entire team has been working around the clock to collect all
    data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible, the company wrote in an announcement.

    We apologize for what happened and will review all our security procedures
    and are currently doing everything we can to keep our affected customers afloat. Read more

    Here's our list of the best endpoint protection services


    Bitcoin ATM bug let thieves siphon off crypto withdrawals


    Australia gets its first Bitcoin ATM

    By uploading and running the malware , the attacker gained access to the ATMs database, was allowed to read and decrypt encoded API keys needed to access the funds, and finally managed to withdraw the crypto to a separate wallet. Furthemore, the attackers managed to download usernames and password hashes, turn off multi-factor authentication (MFA), and access terminal event logs to scan for customer private keys.

    One of the things General Bytes is changing, going forward, is that it will
    no longer manage CASes for its customers - they will have to do so themselves (if they decide to stick around at all). Here's our list of the best ID theft protection right now

    Via: Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/news/bitcoin-atms-drained-after-hackers-exploit-zero -day-bug


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)