Bitcoin ATM Firm General Bytes Shuts Down Cloud Service after Exploit

Bitcoin (BTC) ATM manufacturer General Bytes has come under attack by a hacker who uploaded his own Java application onto the company's platform.

Once the Java application was running on the General Bytes BTC ATM platform, the attacker was able to read and decrypt API keys stored there. This gave him unauthorized access to the database and let him move funds out of several exchanges and hot wallets.

“The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using batm user privileges.” Also, the hacker was able to “download user names, their password hashes and turn off 2FA” and “scan for any instance where customers scanned private keys at the ATM.”
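The root cause described above is a media-upload interface that stored whatever it was given, including a Java application that was later executed. The following is an added example, not General Bytes' code, of how a defender validates such an upload by its content rather than its filename: it rejects anything whose leading bytes identify an archive or executable (a JAR is a ZIP archive) and accepts only recognised video containers whose extension matches. The function and signature table are assumptions for illustration.

```python
"""Content-based validation for a video-upload endpoint (added example).

Rejects executable payloads by magic number and accepts only MP4 and
Matroska/WebM containers whose filename extension agrees with the content.
"""
from typing import NamedTuple, Optional

# Leading-byte signatures of content that a video endpoint must never store.
EXECUTABLE_MAGIC = {
    b"PK\x03\x04": "zip/jar archive",
    b"\xca\xfe\xba\xbe": "java class file",
    b"\x7fELF": "elf executable",
    b"MZ": "pe executable",
    b"#!": "script with shebang",
}

# Accepted container -> filename extensions that are consistent with it.
ALLOWED_EXTENSIONS = {
    "mp4": {"mp4", "m4v"},
    "webm": {"webm", "mkv"},
}


class Verdict(NamedTuple):
    accepted: bool
    reason: str


def sniff_video(data: bytes) -> Optional[str]:
    """Return 'mp4' or 'webm' when the bytes look like that container, else None."""
    # ISO-BMFF (MP4/M4V): the first box carries the 'ftyp' tag at offset 4.
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "mp4"
    # Matroska/WebM files begin with the EBML header magic.
    if data.startswith(b"\x1a\x45\xdf\xa3"):
        return "webm"
    return None


def validate_video_upload(filename: str, data: bytes) -> Verdict:
    """Decide whether an uploaded blob may be stored as a terminal video."""
    head = data[:16]
    # 1. Executable or archive content is rejected regardless of the name it arrived with.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return Verdict(False, f"rejected: {kind} uploaded as {filename!r}")
    # 2. Only known video containers are accepted.
    kind = sniff_video(data)
    if kind is None:
        return Verdict(False, "rejected: not a recognised video container")
    # 3. The declared extension must agree with the detected content.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS[kind]:
        return Verdict(False, f"rejected: extension .{ext} does not match {kind} content")
    return Verdict(True, f"accepted: {kind}")


if __name__ == "__main__":
    # Constructed sample inputs: a JAR renamed to .mp4 and a minimal MP4 header.
    renamed_jar = b"PK\x03\x04" + b"\x00" * 28
    tiny_mp4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16
    print(validate_video_upload("promo.mp4", renamed_jar))
    print(validate_video_upload("promo.mp4", tiny_mp4))
```

A magic-number check is a first gate, not the whole defence: ZIP readers locate the central directory at the end of a file, so a polyglot can pass a leading-bytes check, and the upload directory should in any case be mounted without execute permission and never be a path from which the service loads code.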

Hacker Carts Away With $1.5M Worth of BTC

According to several sources, more than 56.28 Bitcoin, worth approximately $1.5 million, has been siphoned from about 15 to 20 crypto ATM operators globally. Many of the operators that suffered losses were forced to shut down. Karel Kyselica, the owner of General Bytes, described the attack on the crypto ATMs as one of the highest severity.

The day after the incident occurred, General Bytes released a statement urging users to keep their personal information confidential. “We released a statement urging customers to take immediate action to protect their personal information. We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”

Since the General Bytes Cloud Service was breached alongside other operators' standalone servers, the company decided to shut the service down. Operators were also advised to install their own standalone servers to avoid a recurrence. Other security fixes were outlined as well, so that users could safeguard the new keys they are expected to generate.

General Bytes promised to provide support where necessary to ease the migration of operators' data from the firm's Cloud Service to their own standalone servers.

Notably, the BTC ATM manufacturer experienced a similar exploit in August 2022. In that case, however, the hackers posed as default administrators and tampered with the crypto settings of the two-way machines.

“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user. This vulnerability has been present in CAS software since version 20201208.”
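The August 2022 flaw quoted above is a first-run installation page that kept creating administrator accounts after the server was already set up. The following is an added example, not General Bytes' CAS code, of how a defender gates such a bootstrap step: the first admin can be created only while no admin exists, only with a one-time setup token issued at install time (read from the server console rather than passed in a URL), compared in constant time and consumed on use. The `SetupState` class and function names are assumptions for illustration.

```python
"""Guarding a first-admin bootstrap endpoint (added example)."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class SetupState:
    """Minimal stand-in for the server's persistent state (assumption)."""
    admins: Dict[str, str] = field(default_factory=dict)  # username -> password hash
    setup_token: Optional[str] = None                      # issued once, consumed once


def begin_install(state: SetupState) -> str:
    """Issue the one-time bootstrap token. Called once by the installer, never from a web request."""
    if state.admins:
        raise RuntimeError("install already completed: refusing to issue a new setup token")
    state.setup_token = secrets.token_urlsafe(32)
    return state.setup_token


def create_first_admin(state: SetupState, presented_token: str,
                       username: str, password_hash: str) -> Tuple[bool, str]:
    """Handle the 'create first administrator' request with all three gates applied."""
    # Gate 1: the endpoint is dead once any administrator exists.
    if state.admins:
        return False, "refused: an administrator already exists"
    # Gate 2: bootstrap is only possible while an unconsumed token is outstanding.
    if state.setup_token is None:
        return False, "refused: no setup token issued"
    # Gate 3: constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(presented_token.encode(), state.setup_token.encode()):
        return False, "refused: invalid setup token"
    state.admins[username] = password_hash
    state.setup_token = None  # one-time use: a replayed request hits gate 1 and gate 2
    return True, f"created administrator {username!r}"


if __name__ == "__main__":
    # Constructed walkthrough: legitimate install, then a replayed bootstrap request.
    st = SetupState()
    token = begin_install(st)
    print(create_first_admin(st, token, "operator", "<hashed-password-placeholder>"))
    print(create_first_admin(st, token, "intruder", "<hashed-password-placeholder>"))
```

The password hash is passed in as an opaque string here because the point of the example is the gating, not credential storage; in a real service it would come from a proper password hashing routine, and every refused call on this endpoint after installation is worth an alert.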