Sign In

Communications of the ACM

ACM TechNews

Hackers Drain Bitcoin ATMs of $1.5 Million by Exploiting 0-Day Bug

View as: Print Mobile App Share:
A bitcoin ATM.

General Bytes said the company has received “multiple security audits since 2021,” and that none of them detected the vulnerability exploited.

Credit: General Bytes

General Bytes reported that over $1.5 million in bitcoin was drained from hot wallets (Internet-accessible wallets) via its bitcoin ATMs (BATMs) by hackers that exploited a previously unknown zero-day vulnerability.

This flaw allowed the hackers to use the master server interface, which permits customers to upload videos from the BATM terminal to the crypto application server (CAS), to upload and execute a malicious Java application.

Although the vulnerability was patched 15 hours after it was discovered, the stolen bitcoin could not be recovered.

In response to the incident, General Bytes said it would no longer manage CASes for customers.

From Ars Technica
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account