According to the company and sources, on March 17 and 18, General Bytes experienced a security incident that allowed hackers to remotely access the master service interface and transfer funds from hot wallets. The breach resulted in a temporary shutdown of most U.S.-based crypto automated teller machine (ATM) operators. Hackers were able to liquidate 56.28 bitcoins worth approximately $1.5 million from approximately 15 to 20 crypto ATM operators nationwide.
Crypto ATM Operators Temporarily Shut Down After General Bytes Security Breach Enables Hacker to Liquidate $1.5M in Bitcoin and Other Cryptocurrencies
The largest cryptocurrency automated teller machine (ATM) manufacturer, General Bytes, produces 9,505 units worldwide, several thousand of which are located in the U.S. On Saturday, March 18, the company notified the public of a serious security incident that also occurred on March 17.
“We issued a statement urging our customers to take immediate action to protect their personal information,” the company explained at 4:42 p.m. ET on Saturday. “We urge all customers to take immediate action to protect their funds and personal information and to read the security bulletin carefully,” the company added.
According to General Bytes’ security bulletin, the attackers were able to remotely upload their own Java application using the master service interface that terminals normally use to upload video. The attacker had BATM user privileges and was able to access the database and read and decrypt API keys used to access hot wallets and exchange funds. Additionally, hackers were able to download usernames, access password hashes, turn off 2FA, and transfer funds from the hot wallet.
Bitcoin.com News spoke with a U.S.-based cryptocurrency automated teller machine (ATM) operator who confirmed that all U.S. operators using General Bytes machines were shut down nationally during the night. This operator also stated that the servers would have to be rebuilt from scratch, which could take a long time.
According to reports, General Bytes is moving its crypto ATM operators to self-hosted servers; General Bytes stated in a security bulletin that the company is discontinuing its cloud services. It further explained that it has conducted multiple security audits since 2021, none of which identified this vulnerability.
According to on-chain statistics, hackers siphoned off 56.28 bitcoins worth about $1.5 million and liquidated dozens of other cryptocurrencies, including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin (BTC) address holding the 56.28 BTC has not moved any funds since its last transaction at 3:20 AM on March 18. Some digital currency was transferred to different locations, and fractions were sent to the decentralized exchange (DEX) platform Uniswap.
General Bytes had experienced problems before, recording a security flaw on August 18, 2022. At that time, the attacker leveraged a zero-day attack to “remotely create the first administrative user via the CAS administration interface by calling the URL of the page used for the default installation on the server.”
For the March 17 and 18, 2023 hacks, General Bytes published not only the addresses used in the attacks, but also the three IP addresses used by the attackers. A source who spoke with Bitcoin.com News on Saturday evening further noted that although their company’s systems were hacked, the company is running a full node that is “sufficiently locked down” to prevent attackers from accessing funds.