CommScope
| Primary URL | Location | Industry |
|---|---|---|
| www[.]commscope[.]com | Country: United States of America | Manufacturing |

Profile
CommScope operates as a cryptocurrency ATM manufacturer, providing hardware and associated software platforms for facilitating cryptocurrency transactions. Its core product offering includes Bitcoin ATMs alongside a centralized management platform used to administer these machines remotely. This platform handles critical functions necessary for ATM operation and security. The company serves customers globally who utilize its ATMs for buying or selling cryptocurrency.
A significant security incident occurred on March 17, 2023, impacting CommScope's infrastructure and customers. Attackers exploited a previously unknown zero-day vulnerability within the company's management platform. This exploit enabled remote attackers to upload malicious Java applications directly onto CommScope servers. The breach resulted in unauthorized access to databases, the decryption of sensitive hot wallet API keys, and the theft of cryptocurrency funds totaling approximately $1.5 million from both the company and its end-users. Furthermore, attackers exfiltrated user credentials and deactivated two-factor authentication protections. The attackers leveraged cloud-hosted servers controlled by CommScope to conduct network scans and deploy malware. In response, CommScope implemented immediate server updates, forced password resets, invalidated compromised API keys, and permanently discontinued the use of its cloud-hosted service component. Security patches addressing the exploited vulnerability were subsequently issued, although prior security audits had failed to identify this specific flaw.
