1. Home
  2. zero-day exploit

zero-day exploit

Trust Wallet Advises Apple Users to Disable Imessage Amid Fears of Zero-Day Exploit

Trust Wallet Advises Apple Users to Disable Imessage Amid Fears of Zero-Day ExploitTrust Wallet, a crypto wallet provider, has issued a warning for Apple users to disable Imessage, based on “credible intel” about a zero-day exploit available on the dark web for $2 million, which could allow hackers to take control of users’ Iphones without any interaction needed. The alert was met with skepticism by some in […]

Gary Gensler is leaving the SEC, but replacement will face scrutiny

More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

Dogecoin, Zcash and Litecoin have already patched the “critical” vulnerability, but hundreds of others may not have, risking billions’ worth of crypto.

More than 280 blockchain networks are at risk of “zero-day” exploits that could put at least $25 billion worth of crypto at risk, according to cybersecurity firm Halborn.

In a March 13 blog post, Halborn warned of the vulnerability it dubbed “Rab13s” — adding it has already worked with some blockchains, such as Dogecoin, Litecoin and Zcash, to institute a fix for it.

Halborn said it was contracted in March 2022 to conduct a security review of Dogecoin’s codebase and found “several critical and exploitable vulnerabilities.”

It later determined those same vulnerabilities “affected over 280 other networks” that risked billions of dollars worth of cryptocurrencies.

Halborn outlined three vulnerabilities, the “most critical” of which allows an attacker to “send crafted malicious consensus messages to individual nodes, causing each to shut down.”

It added these messages over time could expose the blockchain to a 51% attack where an attacker controls the majority of the network’s mining hash rate or staked tokens to make a new version of the blockchain or take it offline.

Other zero-day vulnerabilities it found would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests — a protocol allowing a program to communicate and request services from another.

It added the likelihood of RPC-related exploits was lower as it requires valid credentials to undertake the attack.

“Due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network,” Halborn warned.

Related: Jump Crypto and Oasis.app ‘counter exploits’ Wormhole hacker for $225M

The firm said at this time it’s not releasing further technical details of the exploits due to their severity and added it made a “good faith effort” to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.

Dogecoin, Zcash and Litecoin have already implemented patches for the discovered vulnerabilities, but hundreds could still be exposed, according to Halborn.

Gary Gensler is leaving the SEC, but replacement will face scrutiny

Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs

The hack meant that all crypto going into the Bitcoin ATM would instead be siphoned off by the hackers.

Bitcoin ATM manufacturer General Bytes had its servers compromised via a zero-day attack on Aug. 18, which enabled the hackers to make themselves the default admins and modify settings so that all funds would be transferred to their wallet address.

The amount of funds stolen and number of ATMs compromised has not been disclosed but the company has urgently advised ATM operators to update their software.

The hack was confirmed by General Bytes on Aug. 18, which owns and operates 8827 Bitcoin ATMs that are accessible in over 120 countries. The company is headquartered in Prague, Czech Republic, which is also where the ATMs are manufactured. ATM customers can buy or sell over 40 coins.

The vulnerability has been present since the hacker’s modifications updated the CAS software to version 20201208 on Aug. 18.

General Bytes has urged customers to refrain from using their General Bytes ATM servers until they update their server to patch release 20220725.22, and 20220531.38 for customers running on 20220531.

Customers have also been advised to modify their server firewall settings so that the CAS admin interface can only be accessed from authorized IP addresses, among other things.

Before reactivating the terminals, General Bytes also reminded customers to review their ‘SELL Crypto Setting’ to ensure that the hackers didn’t modify the settings such that any received funds would instead be transferred to them (and not the customers).

General Bytes stated that several security audits had been conducted since its inception in 2020, none of which identified this vulnerability.

How the attack happened

General Bytes’ security advisory team stated in the blog that the hackers conducted a zero-day vulnerability attack to gain access to the company’s Crypto Application Server (CAS) and extract the funds.

The CAS server manages the ATM’s entire operation, which includes the execution of buying and selling of crypto on exchanges and which coins are supported.

Related: Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes

The company believes the hackers “scanned for exposed servers running on TCP ports 7777 or 443, including servers hosted on General Bytes’ own cloud service.”

From there, the hackers added themselves as a default admin on the CAS, named ‘gb’, and then proceeded to modify the ‘buy’ and ‘sell’ settings such that any crypto received by the Bitcoin ATM would instead be transferred to the hacker’s wallet address:

"The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user."

Gary Gensler is leaving the SEC, but replacement will face scrutiny