General Bytes, a Bitcoin ATM maker, has shut down its cloud services following the discovery of a “security hole” that allowed an attacker to access customers’ hot wallets and obtain personal information such as passwords and private keys.
According to its website, the company is a Bitcoin $27,519 ATM manufacturer based in Prague that has sold over 15,000 ATMs to over 149 countries worldwide.
The ATM maker issued a warning in a March 18 patch release bulletin, noting that a hacker was able to remotely upload and run a Java application into its terminals via the master service interface, collecting user information and transmitting cash from hot wallets.
In the bulletin, General Byes creator Karel Kyovsky said that this allowed the hacker to accomplish the following:
“Access to the database is required. API keys used to access funds in hot wallets and exchanges can be accessed and decrypted.
Send money from your hot wallet. Obtain user names, password hashes, and disable 2FA. Access terminal event logs and search for any instances where users scanned their private key at an ATM. This information was logged in older versions of ATM software.”
The notice discloses that both General Bytes’ cloud service and other operators’ standalone servers were compromised.
“Since 2021, we’ve completed many security audits, and none of them have detected this issue,” Kyovsky added.
Despite the fact that the hacker was able to “Transfer monies from hot wallets,” the corporation did not disclose how much money was stolen as a result of the incident.
General Bytes, on the other hand, revealed the identities of 41 wallet addresses involved in the hack. On-chain data shows several transfers into one of the wallets, totaling 56 BTC, or more than $1.54 million at current pricing.
Another wallet displays many Ether (ETH) transactions, with a total received of 21.82 ETH, which is approximately $36,000 at current pricing.
Cointelegraph contacted General Bytes for confirmation but did not receive a response before publishing.
The company has recommended BTC ATM operators to install their own standalone server as soon as possible, and has provided two fixes for their Crypto Application Server (CAS), which handles the ATM’s functionality.
“Please protect your CAS with a firewall and VPN. Terminals should connect to CAS over VPN as well “Kyovsky penned.
“Consider all of your users’ passwords, as well as API keys to exchanges and hot wallets, to be hacked. Please disable them and produce new keys and passwords.”
General Bytes’ servers were previously infiltrated in September of last year by a zero-day assault that allowed hackers to become the default administrators and change settings such that all cash were moved.
