General Bytes experienced a security incident on March 17 and 18 that allowed a hacker to remotely access the master service interface and send funds from hot wallets, according to the company and sources. The breach forced most US-based crypto ATM operators to temporarily shut down. The hacker was able to liquidate 56.28 bitcoins, worth approximately $1.5 million, from between 15 and 20 crypto ATM operators across the country.
Crypto ATM Operators Temporarily Shut Down After General Bytes Security Breach Allowed Hacker to Liquidate $1.5 Million in Bitcoin and Other Cryptocurrencies
The largest manufacturer of cryptocurrency ATMs, general byteshas produced 9,505 such machines globally, with thousands located in the United States. On Saturday March 18, the company informed the public of a serious security incident that also occurred on 17 March.
"We released a statement urging customers to take immediate steps to protect their personal information," the company explained at 4:42 p.m. (ET) on Saturday. โWe urge all of our clients to take immediate steps to protect their funds and personal information and to read the security bulletin carefully,โ the firm added.
general bytes security bulletin said the attacker was able to remotely upload his own Java application using the master service interface, which terminals typically use to upload videos. The attacker had access to the BATM user privileges and was also able to access the database, read and decrypt the API keys used to access funds on the wallets and hot exchanges. Additionally, the hacker could download usernames, access their password hashes, disable 2FA, and send funds from hot wallets.
Bitcoin.com News spoke with a US-based cryptocurrency ATM operator who confirmed that all US operators using General Bytes machines were shut down across the country overnight. The carrier also mentioned that the servers would have to be rebuilt from scratch, which can be a lengthy process.
General Bytes is reportedly transitioning crypto ATM operators to self-hosted servers. In the security bulletin, General Bytes stated that the company is discontinuing its cloud service. In addition, the firm explained that it had carried out multiple security audits since 2021 and none of them had identified this vulnerability.
According to the chain's statistics, the hacker siphoned off 56.28 bitcoins worth approximately $1.5 million and also liquidated dozens of other cryptocurrencies such as ETH, USDTBUSD, ADADAI, DOGE, SHIB and TRX. He bitcoin (BTC) address holding the 56.28 BTC You have not moved any funds since your last transaction at 3:20 am on March 18. Some digital currencies were transferred to different locations, and a fraction was sent to the decentralized exchange (DEX) platform Uniswap.
General Bytes has experienced problems before, recording a security flaw on August 18, 2022. The attacker at the time took advantage of a zero-day attack to "remotely create an administrator user through the CAS administrative interface via a URL call on the page that was use for the default installation on the server and create the first admin user.โ
Regarding the hack on March 17 and 18, 2023, General Bytes revealed not only the addresses used in the attack, but also three IP addresses used by the attacker. The source who spoke to Bitcoin.com News on Saturday night further noted that while his company's system was hacked, the company runs a full node that is "locked down enough" to prevent the attacker from accessing the funds. .
What do you think about the breach that affected General Bytes? Share your thoughts on this topic in the comments section below.
image credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or a solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
