A hacker stole crypto funds from customers making deposits at General Bytes Bitcoin ATM machines, according to an advisory published this week.
The hacker modified the crypto settings of two-way machines with his wallet settings and the invalid payment address setting, the company said in an advisory published Thursday. Bleeping Computer first covered the news.
"The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user," the statement said.
The company published steps to take to implement a security fix published on its website. It said that in the multiple audits it has completed since 2020, it had not identified this vulnerability.
The attack happened on the third day after the company publicly announced a "Help Ukraine" feature on its ATMs, the advisory said.
The company didn't specify how many people were affected by the hack or how much crypto was stolen. The firm was not immediately available to comment when reached.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.