General Bytes, a manufacturer of bitcoin (BTC) vending machines, disclosed late last week that hackers had exploited a major security flaw in their machines. This attack created a new admin profile to embezzle funds when a user sent BTC.
Hacked bitcoin (BTC) ATMs
General Bytes, a maker of BTC vending machines, says hackers have exploited a flaw in their machines. This flaw, considered critical, requires a software update from the operators of these distributors.
Hackers have actually managed to create a new default administrator profile, allowing them to have control over the rights granted by this status. The flaw exploited had passed through all the security audits carried out since 2020. It is therefore what is called a zero-day flaw, namely the exploitation of a vulnerability hitherto unknown.
Thus, when a user used the counters to send bitcoins to an address, the latter were in fact redirected to a destination chosen by the attackers. However, General Bytes did not communicate the extent of the damage caused by this hack.
A necessary update
General Bytes is asking all of its customers to perform a patch update. The company also urges them to check their list of administrators, in order to prevent possible intrusions. Even so, the attackers would not have had access to any private key or password. If the suspicious activity has been found, a procedure is also described to measure its content.
Although no causal link has been demonstrated, the company informs that the attack occurred three days after the arrival of a feature called “Help Ukraine”, i.e. from August 5. As the name suggests, this upgrade allows donations to be sent to Ukraine directly to the official government address.
According to the General Bytes website, the company has already sold over 13,000 BTC ATMs across over 143 countries. Over 180 fiat currencies can be used and over 22.5 million transactions have been made on these machines.
More generally, last spring, a study looked back on the growth of cryptocurrency distributors. Thus, 22 distributors would have been installed per day in March, all over the world.