The hacker was able to download usernames, access password hashes, turn off two-factor authentication, and send funds from hot wallets.
On March 17th, 2023, General Bytes, a major manufacturer of cryptocurrency automated teller machines (ATMs), experienced a security incident that resulted in the theft of over $1.5 million worth of Bitcoin. The incident was first reported by General Bytes on their official Twitter account on March 18th.
On Saturday, the company explained, “We released a statement urging customers to take immediate action to protect their personal information. We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”
According to the company’s security bulletin, the attacker remotely uploaded a Java application through the master service interface, the interface terminals use to upload videos to the server, and ran it with the privileges of the batm user. That foothold gave access to the database and to the API keys the server uses to move funds in hot wallets and on exchanges.
With that access, the attacker downloaded usernames and password hashes, turned off two-factor authentication, and sent funds out of hot wallets.
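The root failure described above is a media-upload interface that accepted and ran attacker-supplied Java. The following is an added example written for this article, not General Bytes’ CAS/BATM code, of how such an endpoint should treat uploads: require an authenticated operator, classify the payload by its bytes rather than the client-chosen name, refuse anything that is a compiled class file or a JAR (a ZIP carrying a manifest or `.class` entries), and store accepted media under a server-chosen name. Every identifier, path and sample payload here is constructed for illustration.

```python
"""Hardened media-upload validation (illustrative example, not vendor code)."""
import hashlib
import io
import zipfile
from dataclasses import dataclass

# File signatures used for content sniffing. Constructed for this example.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
ZIP_MAGIC = b"PK\x03\x04"           # JAR files are ZIP archives
CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # compiled Java class file

# Only media may be uploaded to terminals; map extension -> expected sniffed type.
ALLOWED_EXTENSIONS = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "mp4": "mp4"}

# Hypothetical media-only directory that no service loads code from.
MEDIA_DIR = "/var/lib/example-media"


def looks_like_jar(data: bytes) -> bool:
    """A ZIP that carries a manifest or compiled classes is a Java application."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)


def sniff(data: bytes) -> str:
    """Classify an upload by its bytes, never by the filename the client sent."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if len(data) >= 12 and data[4:8] == b"ftyp":   # ISO base media (MP4) box header
        return "mp4"
    if data.startswith(CLASS_MAGIC):
        return "class"
    if data.startswith(ZIP_MAGIC):
        return "jar" if looks_like_jar(data) else "zip"
    return "unknown"


@dataclass
class Decision:
    accepted: bool
    reason: str
    stored_as: str = ""


def validate_upload(filename: str, data: bytes, operator_authenticated: bool) -> Decision:
    """Decide whether an upload may be stored as terminal media."""
    if not operator_authenticated:
        return Decision(False, "unauthenticated upload rejected")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return Decision(False, f"extension .{ext or '?'} not in media allowlist")
    kind = sniff(data)
    if kind in ("class", "jar"):
        return Decision(False, f"refusing executable Java content ({kind})")
    if kind != ALLOWED_EXTENSIONS[ext]:
        return Decision(False, f"content sniffed as {kind}, name claims {ext}")
    # The client's filename never reaches the filesystem: the stored name is a
    # digest, so there is no path traversal and no overwriting of deployable files.
    digest = hashlib.sha256(data).hexdigest()
    return Decision(True, "ok", f"{MEDIA_DIR}/{digest}.{kind}")


def build_fake_jar() -> bytes:
    """Constructed sample: a minimal JAR-shaped archive renamed to look like media."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Payload\n")
        zf.writestr("Payload.class", CLASS_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    print(validate_upload("promo.mp4", build_fake_jar(), operator_authenticated=True))
    print(validate_upload("logo.png", PNG_MAGIC + b"\x00" * 16, operator_authenticated=True))
```

The point of sniffing plus the JAR check is that renaming a JAR to `.mp4` does not get it past the filter, and even an accepted file lands in a directory nothing executes from; the upload path therefore cannot be turned into a code-deployment path.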
General Bytes has produced 9,505 ATMs globally, thousands of which are located in the US. Following the attack, the company shut down its cloud service, taking the US operators that depended on it offline, and affected servers will have to be rebuilt from scratch.
General Bytes is reportedly moving crypto ATM operators to self-hosted servers after discontinuing its cloud service. That migration takes time, so some operators are likely to remain offline for an extended period.
The attacker stole 56.28 bitcoin, worth around $1.5 million, and also drained other cryptocurrencies, including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin address holding the stolen funds has not moved since March 18, while some of the other assets were transferred onward, including to a decentralized exchange.
The company has disclosed the attacker’s wallet addresses and three IP addresses used in the hack. Some sources have also indicated that the company’s full node is secure enough to prevent unauthorized access to funds.
If you or someone you know has been affected by this incident, follow the remediation steps detailed in General Bytes’ security bulletin.
A user on Twitter speculated that the attack was most likely carried out by someone familiar with the cryptocurrency ATM industry.
“This was made by somebody that knows the system very well, a crypto ATM company/rogue employee that owns GB ATMs. It is not like the hacker goes with a USB stick, plugs it into the ATM and uploads the attack,” they said.
Nonetheless, the breach highlights the need for increased security measures in the cryptocurrency industry to prevent future attacks.