- According to General Bytes’ security bulletin, the hacker was able to remotely upload their own Java app using the master service interface and had access to BATM user privileges.
- The hacker could read and decrypt API keys, download usernames, access the database, and send funds from hot wallets.
Leading Bitcoin ATM manufacturer General Bytes faced a security breach on March 17 and 18, resulting in a hacker stealing over $1.5 million in Bitcoin.
According to General Bytes’ security bulletin, the hacker was able to remotely upload their own Java application using the master service interface and had access to BATM user privileges.
The attacker, exploiting the security vulnerability, was able to access the database, read and decrypt API keys, download usernames, access their password hashes, turn off 2FA, and send funds from hot wallets.
General Bytes founder Karel Kyovsky also noted in the bulletin that the hacker had the ability to access terminal event logs and scan for any instance where customers scanned private keys at the ATM.
According to on-chain analytics, the hacker stole 56.28 bitcoins worth approximately $1.5 million. General Bytes also released the details of 41 wallet addresses that were used in the attack. Further, the hacker also liquidated dozens of other cryptos, including ETH, USDT, BUSD, ADA, DAI, DOGE, and SHIB, among others.
The crypto ATM manufacturer has now shut down its cloud services following the exploit. The firm has urged all BTC ATM operators to install their own standalone server and has released two patches for its Crypto Application Server (CAS).
“Additionally, consider all your users’ passwords and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & passwords”, the bulletin reads.
In its official statement, the firm claimed that it had conducted multiple security audits since 2021, and none of them had identified the vulnerability. This is, however, not the first instance of the crypto ATM manufacturer being subjected to an exploit.
Last September, the Prague-based General Bytes’ servers were compromised via a zero-day attack. In that exploit, the attacker remotely created an admin user through the CAS administrative interface by making a URL call to the page used during default server installation to create the first administrative user.
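The 2022 weakness described above, as an added illustration that is not General Bytes’ code and does not reflect how CAS is actually implemented: a first-administrator bootstrap handler in its vulnerable form (it creates an admin on every call) beside a hardened form that only works while the server has no administrator and records rejected attempts for the operator. The store, handler and log names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class AdminStore:
    """Stand-in for a server's administrator table (constructed for this example)."""
    admins: dict = field(default_factory=dict)   # username -> password hash
    audit_log: list = field(default_factory=list)


def create_first_admin_vulnerable(store: AdminStore, username: str, pw_hash: str) -> bool:
    # Mirrors the weakness described for the 2022 incident: the installation
    # page creates an administrator on every call and never checks whether
    # setup already completed, so any unauthenticated remote request to this
    # URL adds a new admin long after installation.
    store.admins[username] = pw_hash
    return True


def create_first_admin_fixed(store: AdminStore, username: str, pw_hash: str) -> bool:
    # Hardened variant: bootstrapping is valid only while no administrator
    # exists at all. Once setup is done the endpoint is inert, and every
    # further attempt is written to the audit log so operators can detect it.
    if store.admins:
        store.audit_log.append(
            f"REJECTED first-admin bootstrap for {username!r}: setup already completed"
        )
        return False
    store.admins[username] = pw_hash
    store.audit_log.append(f"first administrator {username!r} created during installation")
    return True


def bootstrap_attempts_after_setup(store: AdminStore) -> int:
    # Detection helper: count rejected bootstrap calls, which after a
    # completed installation indicate probing of the setup page.
    return sum(1 for line in store.audit_log if line.startswith("REJECTED"))
```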