A hacker stole funds belonging to clients of General Bytes Bitcoin ATM machines by modifying them.

According to an advisory published last week by General Bytes, the hacker modified the crypto setting in the Bitcoin ATM machines with the help of his own crypto wallet and the invalid payment address setting.

As per Bleeping Computer, which first covered the news, the hacker was able to exploit a zero-day vulnerability in General Bytes Bitcoin ATM servers through which the funds were siphoned off by the hackers instead of being deposited in the Bitcoin ATMs.

The Bitcoin ATMs are operated by a remote Crypto Application Server (CAS) which is responsible for the management of the ATM's operation, the cryptocurrencies which will be supported, and the execution of purchases and sales of cryptocurrency on exchanges as well.

"The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user," the advisory said.

As the customers deposited their funds after the hackers tweaked the ATMs, the "two-way ATMs started to forward coins to the attacker's wallet when customers sent coins to ATM," stated the advisory.

Interestingly, the number of cryptocurrencies stolen or the number of ATMs affected remains unclear for now.

The year 2022 has been a pain for crypto investors due to countless attacks and rug pulls taking place. The biggest of these hackers was the Ronin Bridge hack whose funds were transferred to Tornado Cash and then to the Bitcoin Network.

Recently, Polkadot's DeFi hub Acala was also attacked by hackers which took advantage of a vulnerability in the Honzon protocol and minted over 1.2 aUSD tokens. However, the attack was prevented.

apple-692186_19201
Representation. Nicholas Faber, 25, was sentenced to three years in federal prison after he used college students' school emails to hack their social media accounts and steal nude photos. Pixabay