Hot Wallet Exploits Push This Crypto ATM Maker to End Cloud Service

One of the challenges of the crypto industry is cybercrime. These activities take various forms, such as network hacking, phishing, and exploits. 2022 was one of the worst years for the industry, as many projects and DeFi protocols recorded huge losses to bad actors.

This year, 2023, has also seen major exploits, including the latest Euler Finance hack. Another exploit has just pushed a Bitcoin ATM maker, General Bytes, to shut down its cloud services.

The attackers compromised many users’ hot wallets, stealing private keys, passwords, and other data along with crypto assets. They managed to breach both the company’s cloud services and other operators’ standalone servers.

Bitcoin ATM maker General Bytes loses funds to hackers

General Bytes has not disclosed the total amount the attackers stole from users’ hot wallets, but it has shared details about how the exploitation took place. The hacker first uploaded and ran a Java application on General Bytes’ terminals through the main service interface. The goal was to steal users’ information and send money from their wallets.

The company sent a patch release bulletin alerting users to the discovery. General Bytes founder Karel Kyovsky also revealed that gaining access to the terminals enabled the hackers to gain access to the company’s database. It also allowed them to read and decrypt API keys used to access funds in hot wallets and exchanges.

Furthermore, the hackers downloaded users’ password hashes and usernames, turned off 2-factor authentication, and even sent money from hot wallets. The bad actors could also access event logs on the terminals to identify private keys scanned at the company’s ATMs, especially on the older versions that keep such logs.

Kyovsky also revealed that the firm conducted security audits several times in 2021. However, none of the audits discovered this vulnerability.
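The event-log exposure described above is something an operator can audit for. The following is an added example, not code from General Bytes or from the original article: it finds Bitcoin private keys in Wallet Import Format (WIF) inside log lines by validating the Base58Check checksum, then redacts them. The log layout, the `[REDACTED-WIF]` placeholder, and the sample key are assumptions constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet WIF keys are 51 chars (start "5") or 52 chars (start "K"/"L").
CANDIDATE = re.compile(r"\b[5KL][%s]{50,51}\b" % B58)

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def is_wif(token: str) -> bool:
    """True only if token Base58Check-decodes to a mainnet private key."""
    if any(c not in B58 for c in token):
        return False
    n = 0
    for ch in token:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, chk = raw[:-4], raw[-4:]
    ok = len(payload) == 33 or (len(payload) == 34 and payload[-1] == 1)
    return ok and payload[0] == 0x80 and _checksum(payload) == chk

def redact(lines):
    """Return (clean_lines, hits); hits are 1-based numbers of lines with keys."""
    clean, hits = [], []
    for no, line in enumerate(lines, 1):
        def sub(m):
            if is_wif(m.group()):
                hits.append(no)
                return "[REDACTED-WIF]"
            return m.group()  # looks like a key but fails the checksum
        clean.append(CANDIDATE.sub(sub, line))
    return clean, hits

# Constructed sample: throwaway key (32 bytes of 0x01) and invented log lines.
SAMPLE_KEY = b58check_encode(b"\x80" + b"\x01" * 32)
SAMPLE_LOG = [
    "2023-01-01 10:02:11 INFO terminal=T-0001 scan result=" + SAMPLE_KEY,
    "2023-01-01 10:02:15 INFO terminal=T-0001 ref=5" + "a" * 50,
    "2023-01-01 10:03:40 INFO terminal=T-0001 session closed",
]
```

Any key that such a scan finds in a log should be treated as compromised and its funds moved, since redaction only limits further exposure.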

General Bytes moves to protect crypto users

So far, General Bytes has identified and shared details of the 41 wallets used in the attack. One of the wallets received several transactions and ended up with 56 BTC worth $1.54 million. Another wallet received many ETH transactions, up to 21.82 ETH, worth almost $36,000 at market price.

Bitcoin continues to grow on the BTCUSDT chart on Tradingview.com

The press bulletin also shared some steps users can take to protect themselves from losing everything. First, General Bytes requires ATM operators to install standalone servers. It released two patches for its Crypto Application Server (CAS), which manages the ATM operations.

Kyovsky further advised operators to keep CAS behind a VPN and firewall; the terminals should only connect to CAS through a VPN. As for passwords and API keys, the founder asked operators to invalidate them and create new ones, since they were compromised.

Addressing experts and security companies, the ATM manufacturer stated that it aims to carry out many independent security audits and needs help from any company that can provide it.

Featured image from Pixabay and chart from Tradingview.com
