Hackers used the zero day in General Bytes crypto ATMs to hack them. The exploit allowed attackers to gain administrator rights using a URL request to default to starting the server. Then they simply replaced the purchase and sale of cryptocurrencies with their wallet, directly to which the digital coins of unlucky users were sent.
Moreover, the hackers simply scanned the servers for danger — they were not even firewalled under trusted IPs. “We bring technology traces to unexpected places” is the company’s conventional slogan. And the cryptocurrency of their customers to unexpected recipients.