Bitcoin ATM Servers Zero-day Exploited to Steal Cryptocurrency

Hackers have managed to abuse the zero-day vulnerability in General Bytes Bitcoin ATM servers to steal the cryptocurrency from the customers when they would deposit their funds. Operations with Bitcoin ATMs are controlled by a remote Crypto Application Server. According to the General Bytes security advisory, "the attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user." Read more...