Bitcoin ATM maker shuts down cloud service after users’ hot wallets compromised
Bitcoin ATM maker General Bytes has shut down its cloud services after discovering a “security vulnerability” that allowed an attacker to access users’ hot wallets and obtain sensitive information, such as passwords and private keys.
The company is a Bitcoin (BTC) ATM manufacturer based in Prague, and according to its website, has sold over 15,000 ATMs to over 149 countries worldwide.
In a March 18 update bulletin, the ATM maker issued a warning explaining that a hacker had been able to remotely upload and run a Java application via the main service interface of its terminals, with the aim of stealing user information and sending money from hot wallets.
General Bytes founder Karel Kyovsky explained in the bulletin that this allowed the hacker to achieve the following:
- “Ability to access the database.
- Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
- Send money from hot wallets.
- Download usernames, their password hashes and turn off 2FA.
- Ability to access terminal event logs and scan for all instances where customers scanned private key at the ATM. Older versions of ATM software logged this information.”
The notice reveals that both General Bytes’ cloud service and other operators’ standalone servers were breached.
“We have completed several security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.
Hot wallets compromised
Although the company noted that the hacker was able to “send funds from hot wallets,” it did not disclose how much was stolen as a result of the breach.
However, General Bytes released the details of 41 wallet addresses used in the attack. On-chain data shows several transactions in one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.
Another wallet shows several Ether (ETH) transactions, with a total amount received of 21.82 ETH, worth approximately $36,000 at current prices.
Cointelegraph reached out to General Bytes for confirmation, but did not receive a response by the time of publication.
The company quickly advised BTC ATM operators to install their own stand-alone server and released two patches for its Crypto Application Server (CAS), which manages ATM operations.
“Please keep CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN,” Kyovsky wrote.
“Additionally, consider that all user passwords and API keys for exchanges and hot wallets have been compromised. Please invalidate them and generate new keys and passwords.”
General Bytes previously had its servers compromised via a zero-day attack last September that allowed hackers to make themselves default administrators and change settings so that all funds would be transferred.