General Bytes Loses Over $1.5M In Crypto Hack
The ATM maker shut down its cloud services to limit further compromise of sensitive user information.
Bitcoin ATM maker General Bytes has reportedly lost around $1.5 million worth of BTC to a crypto hack. The company reported a security incident between March 17 and 18 that allowed unauthorized access to compromising user information.
According to the press release, the attacker gained remote access to the entire database, API keys, hot wallets, usernames and passwords. Consequently, the attacker can also turn off 2-factor authentication and gain access to terminal event logs showing customers who may have scanned their private keys at any Bitcoin ATM. This compromised hot wallets, allowing the hacker to transfer tokens to other wallet addresses. The hack also compromised General Bytes’ cloud services.
After the hack, the Bitcoin ATM maker released 41 wallet addresses that were used in the hack. One of the wallet addresses received 56 BTC, equivalent to around $1.5 million. Another wallet address also received around 21.82 ETH, which is over $39,000 at current prices.
General Bytes’ response
Following the security incident, the ATM maker shut down its cloud services to limit further compromise of sensitive user information. The company also issued a safety advisory to all operators and users of the ATMs worldwide. The advisory included instructions on how operators could confirm breaches in their systems and how to fix the breaches.
Again, the Bitcoin maker advised BTC ATM operators to install its stand-alone server, and released two security updates for the Crypto Application Server (CAS).
The firm has also issued an open invitation to several security firms to audit their systems again. The firm noted that it had conducted several security audits since 2021. “None of them identified this vulnerability,” it said.
The firm believes that having multiple audits of multiple companies can help prevent similar situations in the future. All interested security firms will be required to spend a short time at the Prague offices to physically review the ATMs.
Develop a holistic security strategy
While smart contracts and private keys may be the most common means of crypto hacking, they are not the only threats. The crypto hack once again underscores the importance of developing a comprehensive security approach for the blockchain ecosystem. Such an approach will address attacks on all blockchain endpoints and levels of the ecosystem.
next