$1.5M in Crypto Stolen via General Bytes Bitcoin ATM Hack

Over $1.5 million in crypto has been stolen via a General Bytes Bitcoin ATM exploit. Hackers abused a zero-day flaw to steal the funds.

General Bytes Bitcoin ATMs have been hacked

On March 18, 2023, major Bitcoin ATM provider General Bytes experienced a security incident that led to the theft of over $1.5 million in Bitcoin.

General Bytes has sold over 15,000 Bitcoin ATMs in 149 countries (according to its official website), and is based in the Czech Republic. On March 20, two days after the security incident, General Bytes released a blog post informing the public of the hack.

The General Bytes blog post stated that the attacker behind the exploit “could upload his java application remotely via the master service interface used by terminals to upload videos and run it using BATM user privileges.”

The attacker “scanned the Digital Ocean cloud host’s IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean.”

The attacker exploited a zero-day flaw in General Bytes’ master service interface to upload the Java application.

As a result of the zero-day exploit, the attacker was able to do the following:

  • Access the database.
  • Read and decrypt API keys to access funds held in exchanges and hot wallets.
  • Withdraw money from the targeted hot wallets.
  • Download username and password hashes.
  • Disable two-factor authentication.
  • Access terminal event logs and find instances of users scanning their private key at a General Bytes ATM (which older versions of General Bytes’ software would log).

At least 56 Bitcoins were stolen in the attack, amounting to over $1.5 million at the time of writing.

The exploited vulnerability has finally been fixed


General Bytes released a patch for the vulnerability 15 hours after the incident, by which point the attack had already succeeded.

General Bytes stated in its blog post about the hack that none of the multiple security audits the company has conducted since 2021 had found the exploited vulnerability.

This marks the second General Bytes security incident in the past year, with a vulnerability exploited in August 2022 to once again steal funds.

General Bytes closes the cloud service

In the same blog post, General Bytes notified readers that it would be shutting down its cloud service. From now on, the ATM provider will require customers to operate their ATMs via their own standalone servers.

General Bytes also stated that customers have already received information about this new setup, and said it hopes users will understand the change.

Cryptocrime remains widespread

This General Bytes Bitcoin ATM hack is just another one of the thousands of crypto crimes that have taken place in recent years. Cybercriminals continue to focus on this industry to steal data and funds, with cryptocurrency providing an extra layer of anonymity. Although methods of detection and prevention are improving, there are still many ways in which organizations and individuals can lose their assets in crypto-based cyber attacks.
