General Bytes, one of the leading crypto and Bitcoin (BTC) ATM manufacturers, has shut down its cloud service after a hacker exploited a security vulnerability in the system. The flaw allowed the perpetrator to remotely access the master service interface and send funds from its users' hot wallets. The attacker drained over $1.5 million from about 15 to 20 crypto ATM operators throughout the United States.
General Bytes took to Twitter to reveal that the incident took place on March 17 and 18, explaining that the hacker was able to remotely upload a Java application to its terminals via the master service interface and run it.
On March 17-18th, 2023, GENERAL BYTES experienced a security incident.
We released a statement urging customers to take immediate action to protect their personal information.
We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR… https://t.co/g5FGqvqZQ7
— GENERAL BYTES (@generalbytes) March 18, 2023
How did the Exploit Happen?
The crypto ATM manufacturer added that the attacker had obtained BATM user privileges, which authorized him to access the database and decrypt the API keys used to access funds in hot wallets and exchanges. This allowed the attacker to download usernames, access their password hashes, turn off 2FA, and, most importantly, send funds.
After discovering the security vulnerability, General Bytes released a statement urging customers to take immediate action to protect their personal information. The company added,
“We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”
According to on-chain statistics, the hacker stole nearly 56.28 Bitcoins (BTC) worth approximately $1.5 million and liquidated dozens of other cryptocurrencies such as Ethereum (ETH), Tether (USDT), Binance USD (BUSD), Cardano (ADA), Dai (DAI), Dogecoin (DOGE), Shiba Inu (SHIB), and Tron (TRX), among many others.
Security Warnings Issued
General Bytes released the details of 41 wallet addresses that were used in the attack and said that all user passwords, along with API keys to exchanges and hot wallets, should be considered compromised. The company issued a warning asking all of its users to invalidate their earlier credentials and generate new keys and passwords. Meanwhile, it shut down its cloud services temporarily as a precaution. The firm's ATMs in the United States have also reportedly been shuttered.
Hackers have exploited a zero-day #vulnerability in #Bitcoin ATMs manufactured by General Bytes to steal cryptocurrencies from users.
Details: https://t.co/1PZyyFYZ4S #infosec #hacking #cybersecurity
— The Hacker News (@TheHackersNews) August 22, 2022
This is not the first time that General Bytes has experienced a breach. In August 2022, the company reported a hack that led to the theft of Bitcoins deposited at ATMs. At the time, the company said around $16,000 was stolen by the hackers. The company is based in Prague and, according to its website, has sold over 15,000 Bitcoin ATMs to purchasers in over 149 countries all over the world.