General Bytes, a manufacturer of bitcoin (BTC) vending machines, disclosed late last week that hackers had exploited a major security flaw in its machines. The attack created a new administrator profile to hijack funds when a user sent BTC.
Bitcoin (BTC) machines hacked
General Bytes, a manufacturer of BTC vending machines, says hackers exploited a flaw in their machines. This flaw, considered critical, requires a software update from the operators of these machines.
The hackers managed to create a new default administrator profile, giving them the rights that come with that status. The exploited flaw had gone undetected through all security audits performed since 2020. It is therefore what is called a zero-day flaw, i.e. the exploitation of a previously unknown vulnerability.
Thus, when a user used one of the machines to send bitcoins to an address, the funds were in fact redirected to a destination chosen by the attackers. However, General Bytes did not disclose the extent of the damage caused by this hack.
A necessary update
General Bytes is asking all its customers to apply a corrective update. The company also urges them to check their list of administrators to prevent possible intrusions. Despite this, the attackers reportedly did not have access to any private keys or passwords. If any suspicious activity is found, a procedure is also described for assessing it.
Although no causal link has been demonstrated, the company notes that the attack occurred three days after the arrival of a feature called “Help Ukraine”, that is, from August 5. As the name suggests, this upgrade allows users to send donations to Ukraine directly to the official government address.
According to the General Bytes website, the company has already sold more than 13,000 BTC ATMs across more than 143 countries. More than 180 fiat currencies can be used and more than 22.5 million transactions have been made on these machines.
More generally, last spring, a study looked at the growth of cryptocurrency ATMs. According to it, 22 ATMs were reportedly installed per day in March, worldwide.