Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users.
"The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user," the company said in an advisory last week. "This vulnerability has been present in CAS software since version 2020-12-08."
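The flaw class the advisory describes, an installation page that can still create an administrator after setup has finished, shown as an added Python example that is not General Bytes code. The handlers, the audit record layout and the account names are all hypothetical, and the sample data is constructed. The example shows the unguarded and guarded forms of a first-run handler, plus a check that flags admin accounts created through the setup path after installation.

```python
# Added illustration, not General Bytes code; every name here is hypothetical.

def setup_unguarded(admins: list, name: str) -> int:
    """Weak form: the install page creates an admin on every call."""
    admins.append(name)
    return 201


def setup_guarded(admins: list, name: str) -> int:
    """Hardened form: the install page works only while no admin exists."""
    if admins:
        return 403  # setup already completed; refuse, state unchanged
    admins.append(name)
    return 201


def replay_setup(handler) -> tuple:
    """Run a legitimate install, then a later unauthenticated setup call."""
    admins = []
    first = handler(admins, "operator")      # constructed sample values
    second = handler(admins, "unexpected")
    return first, second, admins


# Constructed audit records: (sequence number, creation path, account name).
SAMPLE_AUDIT = [
    (1, "setup", "operator"),
    (2, "admin_ui", "colleague"),
    (3, "setup", "unexpected"),
]


def admins_created_by_late_setup(audit: list) -> list:
    """Flag admin accounts made through the setup path after the first one."""
    flagged, setup_done = [], False
    for _seq, path, name in sorted(audit):
        if path == "setup" and setup_done:
            flagged.append(name)
        setup_done = True  # any admin creation means setup has completed
    return flagged


if __name__ == "__main__":
    print(replay_setup(setup_unguarded))
    print(replay_setup(setup_guarded))
    print(admins_created_by_late_setup(SAMPLE_AUDIT))
```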
It's not immediately clear how many servers were breached using this flaw and how much cryptocurrency was stolen.
CAS is short for Crypto Application Server, a self-hosted product from General Bytes that enables companies to manage Bitcoin ATM (BATM) machines from a central location via a web browser on a desktop or a mobile device.
The zero-day flaw, which concerned a bug in the CAS admin interface, has been mitigated in two server patch releases, 20220531.38 and...
Read Full Story:
https://thehackernews.com/2022/08/hackers-stole-crypto-from-bitcoin-atms.html