uTalk

Official forum for Utopia Community


#1 2023-03-21 23:04:37

thrive
Member
Registered: 2023-01-04
Posts: 2,057

Using a zero-day flaw, hackers steal over $1.6 million in crypto

Unidentified threat actors took cryptocurrency from hot wallets by exploiting a zero-day security hole in General Bytes' software, according to the company.

"The attacker was able to remotely upload his own java application via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the business claimed in a weekend advisory. The attackers scanned the IP address space of Digital Ocean's cloud hosting and identified CAS services running on port 7741, including General Bytes Cloud and other GB ATM operators that use their servers on Digital Ocean.

The server where the malicious Java application was uploaded was configured by default to run applications in the deployment folder ("/batm/app/admin/standalone/deployments/"), the company said. By doing so, the attack allowed the threat actor to gain access to the databases; read and decrypt API keys used to access hot wallets and exchange funds; send money from wallets; download usernames, password hashes and close two-factor authentication (2FA); even access endpoint event logs.

It also warned that the incident had infiltrated its cloud service as well as individual servers from other operators, forcing the company to suspend service. In addition to encouraging customers to place their encrypted application servers (CAS) behind firewalls and VPNs, it also recommends rotating all user passwords and API keys in exchanges and hot wallets.

"CAS security fixes are provided in two server patch releases 20221118.48 and 20230120.44," General Bytes said in a statement. The company also emphasized that it has conducted several security audits since 2021, but none of them flagged this vulnerability. It doesn't seem to have been fixed since version 20210401. General Bytes did not reveal the exact amount of funds stolen by the hackers, but an analysis of the cryptocurrency wallets used in the attack revealed that 56,283 BTC ($1.5 million), 21,823 ETH ($36,500) and 1,219,183 LTC ($96,500) were received.

The ATM hack is the second breach to target General Bytes in less than a year, with another zero-day vulnerability in its ATM servers used in August 2022 to steal cryptocurrency from its customers.

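The post describes two conditions an operator could have caught: an archive appearing in the auto-deploy folder that nobody put there, and the CAS port being reachable from the public internet. The script below is an added defensive example, not code from General Bytes or from anyone in this thread. It assumes a baseline of {filename: SHA-256} captured on a known-good server, treats .war/.jar/.ear files as deployable archives (an assumption), and uses the folder path and port 7741 named in the advisory only as defaults.

```python
"""Added defensive example (not General Bytes' code): audit the CAS
auto-deploy folder for archives that are new or modified relative to a
known-good baseline, and flag a CAS listener bound to a public address.

Assumptions, not taken from the advisory:
  - the baseline is a dict {filename: sha256} captured on a trusted server;
  - anything ending in .war/.jar/.ear is a deployable archive;
  - DEPLOY_DIR and CAS_PORT come from the advisory and are defaults only.
"""
import hashlib
import ipaddress
import os
import tempfile

DEPLOY_DIR = "/batm/app/admin/standalone/deployments/"  # from the advisory
CAS_PORT = 7741                                        # from the advisory
ARCHIVE_SUFFIXES = (".war", ".jar", ".ear")            # assumption


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large archives do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(deploy_dir: str) -> dict:
    """Map every deployable archive in deploy_dir to its SHA-256 (sorted by name)."""
    result = {}
    for name in sorted(os.listdir(deploy_dir)):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            result[name] = sha256_file(os.path.join(deploy_dir, name))
    return result


def find_unexpected(deploy_dir: str, baseline: dict) -> list:
    """Return (name, reason) pairs for archives not matching the baseline.

    A rogue upload like the one in the advisory shows up as 'new'; a
    legitimate archive that was overwritten shows up as 'modified'.
    """
    findings = []
    for name, digest in snapshot(deploy_dir).items():
        if name not in baseline:
            findings.append((name, "new"))
        elif baseline[name] != digest:
            findings.append((name, "modified"))
    return findings


def is_publicly_bound(listen_addr: str) -> bool:
    """True if a service listening on this address is reachable from the
    internet: a wildcard bind (0.0.0.0 or ::) or any address outside the
    private, loopback and link-local ranges. Use it on the bind address
    of the CAS service (port 7741 in the advisory)."""
    addr = ipaddress.ip_address(listen_addr)
    if addr.is_unspecified:
        return True
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def demo(tamper: bool = False) -> list:
    """Build a throwaway deploy folder with a constructed 'admin.war',
    baseline it, then drop a 'rogue.war' (and optionally overwrite the
    legitimate one). Returns the findings so the result can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        legit = os.path.join(tmp, "admin.war")
        with open(legit, "wb") as fh:
            fh.write(b"legitimate archive (constructed sample)")
        baseline = snapshot(tmp)
        with open(os.path.join(tmp, "rogue.war"), "wb") as fh:
            fh.write(b"uploaded later (constructed sample)")
        if tamper:
            with open(legit, "wb") as fh:
                fh.write(b"overwritten archive (constructed sample)")
        return find_unexpected(tmp, baseline)


if __name__ == "__main__":
    for name, reason in demo(tamper=True):
        print(f"{DEPLOY_DIR}{name}: {reason}")
    print(f"CAS on 0.0.0.0:{CAS_PORT} publicly bound: {is_publicly_bound('0.0.0.0')}")
```

On a real server, replace the temporary folder in demo() with DEPLOY_DIR, store the baseline from snapshot() off-host, and run find_unexpected() from a cron job or the monitoring agent; any 'new' or 'modified' finding is worth an alert, since the advisory says the server auto-runs whatever lands in that folder.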

#2 2023-03-22 11:41:32

Cat
Member
Registered: 2023-03-11
Posts: 153

Re: Using a zero-day flaw, hackers steal over $1.6 million in crypto

It seems odd that anyone can walk up to an ATM and download the app; it's the company's fault.


#3 2023-03-24 14:50:16

misha220
Member
Registered: 2023-03-23
Posts: 10

Re: Using a zero-day flaw, hackers steal over $1.6 million in crypto

This is the second case, and they can't strengthen the defense. It's a shame about the people who were hurt.

