Bitcoin ATM manufacturer General Bytes has announced that its servers were compromised through an attack on August 18. The hackers set themselves as the default administrator and modified the settings so that all funds would be transferred to their wallet addresses.
The amount of stolen funds and the number of compromised ATMs have not yet been disclosed, but the company has urgently advised ATM operators to update their software.
General Bytes, which owns and operates 8827 accessible Bitcoin ATMs in more than 120 countries, confirmed the hack on August 18. The company is headquartered in Prague, Czech Republic, which is also home to the production of its ATMs.
The vulnerability has been present since the hacker’s modifications updated the CAS software to version 20201208 on August 18.
General Bytes has urged customers not to use their General Bytes ATM servers until they have updated them to patch releases 20220725.22 and, for customers running on 20220531, 20220531.38.
Customers should modify their server firewall settings so that the CAS administrative interface can only be accessed from allowed IP addresses.
General Bytes has also reminded customers to review their ‘SELL crypto Setting’ before reactivating the terminals, to ensure that the hackers did not modify the settings in order to steal customers’ cryptocurrencies.