Major Cryptocurrency ATM Maker General Bytes Hacked, Over $1.5M Worth of Bitcoin Stolen – Bitcoin News

General Bytes experienced a security incident on March 17-18 that allowed a hacker to remotely access the master service interface and send funds from hot wallets, the company and sources said. The breach forced the majority of US-based operators of crypto automated teller machines (ATMs) to temporarily shut down. The hacker was able to liquidate 56.28 bitcoins worth about $1.5 million from about 15 to 20 crypto ATM operators across the country.

Crypto ATM operators temporarily shut down after a General Bytes security breach allows hackers to liquidate $1.5 million in Bitcoin and other cryptocurrencies

General Bytes, the largest manufacturer of automated teller machines (ATMs) for cryptocurrencies, has produced 9,505 such machines worldwide, including thousands in the United States. On Saturday, March 18, the company informed the public of a serious security incident that occurred on March 17 and 18.

“We have released a statement urging customers to take immediate steps to protect their personal information,” the company said at 4:42 p.m. ET on Saturday. “We urge all our customers to take immediate steps to protect their funds and personal information and to read the security bulletin carefully,” the company added.

The number of General Bytes ATMs around the world according to Coin ATM Radar statistics.

General Bytes’ security bulletin said the attacker was able to remotely upload their own Java application through the master service interface, which is typically used by terminals to upload videos. The attacker had access to BATM user rights and was also able to access the database, read and decrypt API keys used to access funds in hot wallets and exchanges. In addition, the hacker could download usernames, access their password hashes, disable 2FA, and send funds from hot wallets.
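As an added illustration (not General Bytes' code and not taken from the security bulletin), the sketch below shows a server-side content check that an upload endpoint meant for videos can apply so that Java class files and archives are rejected, including a JAR appended to a valid video header. The accepted video formats, the function names and the sample bytes are assumptions constructed for this example.

```python
import io
import zipfile

JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # compiled .class file
ZIP_LOCAL_HEADER = b"PK\x03\x04"         # first bytes of a plain ZIP/JAR/WAR
ZIP_EOCD = b"PK\x05\x06"                 # end-of-central-directory record
EOCD_WINDOW = 22 + 65535                 # EOCD size plus maximum ZIP comment


def looks_like_video(head: bytes) -> bool:
    """Match the container signatures this hypothetical endpoint accepts."""
    return (
        head[4:8] == b"ftyp"                                  # MP4 / MOV
        or head[:4] == b"\x1a\x45\xdf\xa3"                    # WebM / Matroska
        or (head[:4] == b"RIFF" and head[8:12] == b"AVI ")    # AVI
    )


def check_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a fully buffered upload."""
    if data[:4] == JAVA_CLASS_MAGIC:
        return False, "java class file"
    if data[:4] == ZIP_LOCAL_HEADER:
        return False, "zip/jar archive"
    if not looks_like_video(data[:12]):
        return False, "not a recognised video container"
    # ZIP readers locate the archive from the end of the file, so a valid
    # video header can still front a JAR. Fail closed on any EOCD signature
    # in the region where a ZIP reader would look for it.
    if ZIP_EOCD in data[-EOCD_WINDOW:]:
        return False, "video header with trailing zip/jar"
    return True, "ok"


def make_sample_jar() -> bytes:
    """Constructed sample: a minimal JAR-shaped archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


# Constructed sample: an MP4 'ftyp' box followed by padding, not a real video.
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("video", SAMPLE_MP4), ("jar", make_sample_jar()),
                       ("polyglot", SAMPLE_MP4 + make_sample_jar())]:
        print(name, check_upload(blob))
```

A signature check of this kind complements, rather than replaces, storing uploads outside any directory from which the application server loads or deploys code.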

Bitcoin.com News spoke to a US-based cryptocurrency ATM (cash machine) operator who confirmed that all US operators using General Bytes machines were shut down nationwide for the evening. The operator also mentioned that servers would have to be built from scratch, which can be a tedious process.

General Bytes is reportedly moving crypto ATM operators to self-hosted servers. In the security bulletin, General Bytes stated that the company is discontinuing its cloud service. In addition, the company stated that it had conducted multiple security audits since 2021 and none of them had identified this vulnerability.

According to onchain statistics, the hacker stole 56.28 bitcoins worth about $1.5 million and also liquidated dozens of other cryptocurrencies like ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The Bitcoin (BTC) address holding the 56.28 BTC has not moved the funds since its last transaction at 3:20 a.m. on March 18. Some digital currencies have been transferred to other locations, and a fraction has been sent to the decentralized exchange (DEX) platform Uniswap.

General Bytes has had issues before and reported a vulnerability on August 18, 2022. The attacker at the time used a zero-day attack to “remotely create an admin user through the CAS administration interface via a URL call on the page using the default installation on the server and creating the first administration user.”

As for the March 17-18, 2023 hack, General Bytes disclosed not only the addresses used in the attack, but also three IP addresses used by the attacker. The source, speaking to Bitcoin.com News Saturday night, went on to note that while her company’s system was hacked, the company operates a full node that is “locked down sufficiently” to prevent the attacker from accessing funds.

Jamie Redman
