Bitcoin ATM Bytes the Dust
Market Meditations | August 22, 2022
There are many ways to get cryptocurrency in your possession. You can be sent crypto, you can buy crypto in a centralized exchange, or you can purchase bitcoin from a Bitcoin ATM. While there may be advantages to each of these, General Bytes’ Bitcoin ATMs currently have a vulnerability that allows crypto to be stolen from customers.
- When customers have been depositing or purchasing cryptocurrency via these ATMs (owned by General Bytes), the funds are being siphoned off by hackers.
- These attacks are being conducted using a “zero-day vulnerability” in the company’s Crypto Application Server (CAS). Attackers are able to create an admin user remotely using the CAS interface and proceed to siphon crypto.
- There are still 18 servers exposed to the internet. A patch has been created to configure firewalls to only allow access to the CAS from a trusted IP address.
- General Bytes is warning users to NOT operate any of their Bitcoin ATMs until the server patch releases have been applied.
While Bitcoin ATMs offer advantages, such as anonymity, when buying crypto, it’s important to remember that they still have security concerns. Nothing is guaranteed and there will always be a level of risk one must take when operating in this terrain.