General Bytes, a Prague-based company that manufactures Bitcoin ATMs and has sold 15,000 units in over 149 countries, has shut down its cloud services due to a security vulnerability that allowed a hacker to access customers’ hot wallets and steal private keys and passwords.
In a patch release bulletin dated March 18, 2023, the company claimed that a hacker had managed to upload and run a Java application through the master service interface into its terminals to steal users’ information from hot wallets and transfer money from the affected hot wallets. The incident occurred between March 17-18, 2023.
On March 17-18th, 2023, GENERAL BYTES experienced a security incident.
We released a statement urging customers to take immediate action to protect their personal information.
We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR… https://t.co/g5FGqvqZQ7
— GENERAL BYTES (@generalbytes) March 18, 2023
The attacker was detected running Crypto Application Server (CAS) services on port 7741 in the Digital Ocean cloud hosting IP address space, General Bytes’ recommended cloud hosting provider. The hacker uploaded the application directly into the application server used by the admin interface.
The company did not reveal how much money was stolen but disclosed that 41 wallet addresses were used in the hack. According to on-chain statistics, there were numerous transfers into one of the wallets, leaving a balance of 56 BTC, or more than $1.54 million, at the time of writing.
General Bytes has provided several steps for ATM operators to protect themselves. These included examining all CAS users, resetting all user passwords (except theirs), ensuring crypto addresses and strategies are accurate, deleting unrecognized terminals, and activating only verified terminals.
Meanwhile, concerned parties have taken to Twitter to talk about the hack. A Twitter user identified as @Compresses8 asked if General Bytes will be paying customers back as the hack happened as a result of their negligence.
Are you paying customers back what was taken due to @generalbytes negligence><<??
— Compresses (@Compresses8) March 20, 2023
Another user, @oneBrain01, claimed the attack was perpetrated by somebody that knows the system very well, either a crypto ATM company or a rogue employee that owns a General Bytes ATM.
This was made by somebody that knows the system very well, a cryptoATM company/rogue employee that owns GB ATMs. It is not like the hacker goes with a USB stick and plugs it into the ATM and uploads the attack like in Watch Dogs the video game.
— oneHead (@oneBrain01) March 19, 2023