![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Bitcoin ATMs (BATMs) hit with zero-day exploit, people lose $1.5mil in cryptocurrency
First off, terms: A Zero-Day is an exploitable flaw or flaws that the software makers don't know about, and therefore, it hasn't been fixed. Sometimes it takes multiple zero-days being chained together to truly exploit a system.
Bitcoin Wallet: a wallet is where you store the crypto keys that identify you as holding bitcoins. There are two types, Hot and Cold. A Cold Wallet is not available on the internet and is fairly safe. But a BATM needs a Hot Wallet to access your funds, which is connected to the internet.
What happened here was that the BATMs were vulnerable to exploits, and were hit. The exploits let the attackers get to the administrative interface, which gave them access to logs that included crypto keys, which gave them access to people's hot wallets which were then hit.
As the article says: "The incident underscores the risk of storing cryptocurrencies in Internet-accessible wallets, commonly called hot wallets. Over the years, hot wallets have been illegally drained of untold amounts of digital coin by attackers who exploit various vulnerabilities in cryptocurrency infrastructures or by tricking wallet holders into providing the encryption keys required to make withdrawals.
Security practitioners have long advised people to store funds in cold wallets, meaning they’re not directly accessible to the Internet. Unfortunately, BATMs and other types of cryptocurrency ATMs generally can’t follow this best practice because the terminals must be connected to hot wallets so that they can make transactions in real time. That means BATMs are likely to remain a prime target for hackers."
https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
Bitcoin Wallet: a wallet is where you store the crypto keys that identify you as holding bitcoins. There are two types, Hot and Cold. A Cold Wallet is not available on the internet and is fairly safe. But a BATM needs a Hot Wallet to access your funds, which is connected to the internet.
What happened here was that the BATMs were vulnerable to exploits, and were hit. The exploits let the attackers get to the administrative interface, which gave them access to logs that included crypto keys, which gave them access to people's hot wallets which were then hit.
As the article says: "The incident underscores the risk of storing cryptocurrencies in Internet-accessible wallets, commonly called hot wallets. Over the years, hot wallets have been illegally drained of untold amounts of digital coin by attackers who exploit various vulnerabilities in cryptocurrency infrastructures or by tricking wallet holders into providing the encryption keys required to make withdrawals.
Security practitioners have long advised people to store funds in cold wallets, meaning they’re not directly accessible to the Internet. Unfortunately, BATMs and other types of cryptocurrency ATMs generally can’t follow this best practice because the terminals must be connected to hot wallets so that they can make transactions in real time. That means BATMs are likely to remain a prime target for hackers."
https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
no subject
no subject
Good for you, getting out. I agree, it isn't a Ponzi scheme per se. But there is nothing to back its value except for speculation driving up the price. A couple of coins try to link to real U.S. dollars, but I don't think they're very successful.
no subject
Hugs, Jon
no subject
In a bank, it's pretty darn safe.
no subject