21 March 2023

Bitcoin ATM maker General Bytes suffers a $1.5M hack


Bitcoin ATM maker General Bytes suffers a $1.5M hack

Major crypto ATM manufacturer General Bytes has disclosed a security breach, where hackers stole over $1.5 million in cryptocurrency using a zero-day vulnerability in its software.

The incident took place on March 17-19, the crypto ATM manufacturer said.

According to a security advisory published by General Bytes, the threat actor uploaded a malicious Java application remotely via the master service interface used by terminals to upload videos and run it using batm user privileges. This allowed the attacker to access the database, read and decrypt API keys used to access funds in hot wallets and exchanges, steal funds from hot wallets, download user names with their password hashes and turn off two-factor authentication, as well as access terminal event logs and scan for any instance where customers scanned private key at the ATM.

The company describes the attack scheme as follows:

1. The attacker identified a security vulnerability in the master service interface used by Bitcoin ATMs to upload videos to server.

2. The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean.

3. Using this security vulnerability, attacker uploaded his own application directly to application server used by admin interface. Application server was by default configured to start applications in its deployment folder.

General Bytes noted that it has conducted multiple security audits since 2021 and none of them revealed the presence of the zero-day vulnerability exploited in this attack. The company said it shutdown its cloud service as “it is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors.”

Last August, General Bytes suffered a similar incident, which saw threat actors made off with cryptocurrency stolen through the exploitation of a zero-day bug in General Bytes Bitcoin ATM servers.


Back to the list

Latest Posts

Cyber Security Week in Review: June 14, 2024

Cyber Security Week in Review: June 14, 2024

In brief: Arm warns of actively exploited Mali GPU zero-day, Microsoft delays the release of its AI-powered Recall feature, and more.
14 June 2024
TellYouThePass ransomware weaponizes recently patched PHP flaw

TellYouThePass ransomware weaponizes recently patched PHP flaw

Imperva identified several campaigns exploiting the CVE-2024-4577 vulnerability.
13 June 2024
Ukraine neutralizes bot farms involved in hacking Ukrainian soldiers’ phones

Ukraine neutralizes bot farms involved in hacking Ukrainian soldiers’ phones

Additionally, the bot farm was used to spread Russian fake news.
13 June 2024