Hackers of bitcoin ATMs could secretly change addresses

Last Updated: 22 August 2022

A hacker has stolen money from people sending crypto currency to ATMs. This reportedly involved deposits to General Bytes ATMs.

Bitcoin ATM

The hacker managed to modify the settings of devices with the settings of his own wallet. This allowed him to display an invalid payment address on the screen. This address did not belong to the ATM operator, so the money ended up in the hacker’s hands. A statement reads as follows:

“The attacker was able to remotely create an admin user through the CAS management interface. He reached the page used for the default installation on the server via a URL call. This is also where the first admin user is created.”

Bleeping Computer brought the news the day before yesterday, and the company has also provided clarity.

Here, you can read the Patch release with a bit more background information.

Solution

Of course, General Bytes has started working on a solution. They say they have done several audits since 2020, but this problem had not come to light.

The attack took place three days after a new feature was placed in the ATM. The ATM had added a “Help Ukraine” function to the device.

It is not known, how many customers were victims of the problem and how much bitcoin was captured.

Perhaps most importantly, the hacker did not gain access to the private keys of depositors. The rest of everyone’s bitcoin holdings are safe. Passwords and other data are also secure.

Currently, there are (reportedly) a total of 21 bitcoin ATMs in the Netherlands. The United States is the leader with over 34,000 ATMs, followed by Canada with 2550 ATMs and Spain with 255 ATMs.

Author

  • Ivan came across the topic of cryptocurrencies in early 2016 and, as an author and enthusiast, has been intensively involved with the topics of cryptocurrencies, blockchain and STOs ever since.

error: Alert: Content is protected !!