Bitcoin ATM maker General Bytes attacked again by hackers


An attacker compromised the cloud service of Bitcoin ATM maker General Bytes and the standalone servers of device operators, gaining access to personal information and funds.

The incident occurred on March 17–18. The hacker was able to remotely load a Java application through a service interface used by terminals to upload video to a server. This allowed him to:

  • gain access to the database;
  • read and decrypt API keys used to access funds in hot wallets and on exchanges;
  • send funds from user addresses;
  • download usernames and password hashes, and disable 2FA;
  • obtain information from the event log to identify clients’ private keys scanned at the ATM.

“Since 2021, we have conducted several security audits, and none of them discovered the vulnerability,” the company noted.

General Bytes said it had decided to shut down its cloud service. The team urged Bitcoin ATM operators to switch to standalone servers. It also strongly recommended replacing all CAS service user passwords, API keys, and client access credentials. The company noted that terminals should be connected using a firewall and VPN.

The developers released patches to fix the bug that the attacker exploited. They also intend to conduct several independent security checks in the near future.

General Bytes did not disclose the extent of losses or the number of affected users. Company specialists identified the crypto wallets involved in the attack. All transactions at the Bitcoin address bc1qfa8pryacrjuzp9287zc2ufz5n0hdthff0av440 have occurred since March 17, and at the time of writing its balance stood at 56.3 BTC (~$1.58 million).

According to Coin ATM Radar, the number of General Bytes cryptocurrency ATMs installed worldwide reached 9,534 units. The figure increased compared with the second half of 2022, when the deployment rate of such devices plummeted.

In August, hackers breached the cryptographic settings of General Bytes’ Bitcoin ATMs and gained the ability to transfer funds deposited into the machines to their wallets.
