Bitcoin ATM maker General Bytes has shut down its cloud services after discovering a “security vulnerability” that allowed an attacker to access users’ hot wallets and obtain sensitive information such as passwords and private keys.
The company is a Prague-based manufacturer of Bitcoin (BTC) ATMs, and according to its website, it has sold more than 15,000 ATMs to more than 149 countries around the world.
In a March 18 patch release bulletin, the ATM maker issued a warning explaining that a hacker had been able to remotely upload and run a Java application through the master service interface on its terminals, with the aim of stealing user information and sending funds from hot wallets.
On March 17 and 18, 2023, GENERAL BYTES experienced a security incident.
We published a statement urging customers to take immediate steps to protect their personal information.
We urge all of our clients to take immediate action to protect their funds and https://t.co/fajc61lcwR… https://t.co/g5FGqvqZQ7
— GENERAL BYTES (@generalbytes) March 18, 2023
General Bytes founder Karel Kyovsky explained in the newsletter that this allowed the hacker to achieve the following:
- “Ability to access the database.
- Ability to read and decrypt API keys used to access funds on wallets and hot exchanges.
- Send funds from hot wallets.
- Download usernames, their password hashes, and disable 2FA.
- Ability to access terminal event logs and scan any instances where customers scanned the private key at the ATM. Previous versions of ATM software recorded this information.”
The notice reveals that both General Bytes’ cloud service and other carriers’ standalone servers were breached.
“We have completed multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.
Compromised Hot Wallets
Although the company noted that the hacker was able to “send funds from hot wallets,” it did not disclose how much was stolen as a result of the breach.
However, General Bytes published the details of 41 wallet addresses that were used in the attack. On-chain data shows multiple transactions in one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.
Another wallet shows multiple Ether (ETH) transactions, with a total received of 21.82 ETH, worth approximately $36,000 at current prices.
Cointelegraph reached out to General Bytes to confirm this, but did not receive a response prior to press time.
Related: Bitcoin ATMs Crash: Over 400 Machines Go Offline in Less Than 60 Days
The company urgently advised BTC ATM operators to install their own standalone server and released two patches for its Cryptographic application server (CAS), which manages the operation of the ATM.
“Keep your CAS protected by a firewall and a VPN. Endpoints should also connect to the CAS through a VPN,” Kyovsky wrote.
“Also, consider that all your user passwords and API keys for exchanges and hot wallets are compromised. Please invalidate them and generate new keys and passwords.”
Previously, General Bytes had its servers compromised via a zero-day attack in September of last year that allowed hackers to become default administrators and modify settings so that all funds were transferred.