...

1. Review all your CAS users, their permissions, and groups.

   1. Delete any unrecognized users.

   2. Check all CAS users' email addresses (in Persons).

2. Reset all user passwords (except your own).

3. Review your Crypto Settings.

   1. Make sure you run the Crypto Settings tests to verify that your crypto addresses and strategies are correct.

   2. The attacker might have changed your SELL Crypto Settings to receive coins from customers into his wallet.

4. Activate your DELETE any unrecognized or unpaired Terminals.

5. Activate VERIFIED terminals.

What didn't happen

...

22.8.2022 15:00 - Incident was reported to Czech Police. Total damage caused to ATM operators based on their feedback is 16 000 USD.

Sept 2, 2022: We received a report from a BATM operator that claims he lost coins from his BUY wallet. We believe that this Operator upgraded his server to the patched version - but forgot to delete the unpaired Terminal that the attacker created while he had access to the server. Please (again) review all users that are listed in your CAS - and revoke access to the ones that you are unsure of. Also DELETE ALL unpaired terminals - so the attacker cannot connect his own terminal to your server. Also delete all terminals on your server that might be paired but are not yours.