Vulnerability in crypto ATMs allowed hacker to drain $1.5 million

A hacker looted at least $1.5 million from cryptocurrency ATMs by exploiting a newly discovered software vulnerability.

The robbery hit cryptocurrency ATM provider General Bytes over the weekend and left it exposed to security breaches on the company’s cloud services and servers. “The attacker identified a security vulnerability in the main service interface used by Bitcoin ATMs to upload videos to the server,” General Bytes said in a report disclosing the breach.

The company has been vague about the exact nature of the vulnerability. But the problem involves General Bytes’ crypto application servers (CAS services), which allow a client to manage their Bitcoin ATMs from a central location.

The hacker was able to scan the internet and identify the CAS services on cloud hosting provider DigitalOcean. The culprit then exploited the vulnerability to upload a malicious Java app to the application servers, giving them access to the ATMs’ cryptocurrency funds, along with the ability to turn off two-factor authentication.

“As a result, the attacker was able to send funds from hot wallets, and at least 56 Bitcoins (or about $1.59 million) were stolen before we could release the update,” General Bytes said. In addition, the hacker used a number of addresses for other cryptocurrencies, suggesting that they may have stolen a number of tokens.

The hack was so bad that the company shut down the cloud service. General Bytes also encourages customers to pull the plug on their CAS servers as soon as possible and install the updates. “Consider that all 1) user CAS passwords and 2) API keys to exchanges and hot wallets have been compromised and leaked,” it tells customers, even though they haven’t lost any money.

The heist occurred despite General Bytes conducting multiple security audits since 2021. Although it published an advisory on how to avert the threat, General Bytes added, “From now on, all our customers will manage their ATMs using their stand-alone server.”
