{"id":75822,"date":"2023-03-20T11:17:11","date_gmt":"2023-03-20T09:17:11","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=75822"},"modified":"2025-09-10T13:50:42","modified_gmt":"2025-09-10T10:50:42","slug":"bitcoin-atm-maker-general-bytes-attacked-again-by-hackers","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/bitcoin-atm-maker-general-bytes-attacked-again-by-hackers\/","title":{"rendered":"Bitcoin ATM maker General Bytes attacked again by hackers"},"content":{"rendered":"<p>An attacker hacked the cloud service of the Bitcoin ATM maker General Bytes and the autonomous servers of device operators, gaining access to personal information and funds.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">On March 17-18th, 2023, GENERAL BYTES experienced a security incident.<\/p>\n<p>We released a statement urging customers to take immediate action to protect their personal information.<\/p>\n<p>We urge all our customers to take immediate action to protect their funds and <a href=\"https:\/\/t.co\/fajc61lcwR\">https:\/\/t.co\/fajc61lcwR<\/a>\u2026 <a href=\"https:\/\/t.co\/g5FGqvqZQ7\">https:\/\/t.co\/g5FGqvqZQ7<\/a><\/p>\n<p>\u2014 GENERAL BYTES (@generalbytes) <a href=\"https:\/\/twitter.com\/generalbytes\/status\/1637192687160897537?ref_src=twsrc%5Etfw\">March 18, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The incident occurred on March 17\u201318. The hacker was able to remotely load a Java application through a service interface used by terminals to upload video to a server. This allowed him to:<\/p>\n<ul class=\"wp-block-list\">\n<li>gain access to the database;<\/li>\n<li>read and decrypt <span data-descr=\"Application Programming Interface \u2014 the application's interface\" class=\"old_tooltip\">API<\/span>-keys used to access funds in hot wallets and on exchanges;<\/li>\n<li>send funds from user addresses;<\/li>\n<li>download usernames, password hashes and disable <span data-descr=\"two-factor authentication\" class=\"old_tooltip\">2FA<\/span>;<\/li>\n<li>obtain information from the event log to identify clients&#8217; private keys scanned at the ATM.<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201c\u0421 2021 \u0433\u043e\u0434\u0430 \u043c\u044b \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0430\u0443\u0434\u0438\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043d\u0438 \u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445 \u043d\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u201d, \u2014 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.<\/p>\n<\/blockquote>\n<p>The company said that General Bytes decided to shut down its cloud service. The team urged Bitcoin ATM operators to switch to standalone servers. It also strongly recommended replacing all CAS service user passwords, API keys, and client access credentials. The company noted that for connecting a terminal you should use a firewall and VPN.<\/p>\n<p>The developers released patches to fix the bug that the attacker exploited. They also intend to conduct several independent security checks in the near future.<\/p>\n<p>General Bytes did not disclose the extent of losses or the number of affected users. Company specialists identified the crypto wallets involved in the attack. At <a href=\"https:\/\/blockchair.com\/bitcoin\/address\/bc1qfa8pryacrjuzp9287zc2ufz5n0hdthff0av440\">the Bitcoin network address<\/a> bc1qfa8pryacrjuzp9287zc2ufz5n0hdthff0av440, all transactions have occurred since March 17, and at the time of writing the balance stood at 56.3 BTC (~$1.58 million).<\/p>\n<p>According to <a href=\"https:\/\/coinatmradar.com\/manufacturer\/5\/general-bytes-bitcoin-atm-producer\/\">Coin ATM Radar,<\/a> the number of General Bytes cryptocurrency ATMs installed worldwide reached 9,534 units. The figure increased compared with the second half of 2022, when the deployment rate of such devices <a href=\"https:\/\/forklog.com\/en\/news\/bitcoin-atm-installations-slowed-sharply-in-the-second-half-of-2022\">plummeted<\/a>.<\/p>\n<p>In August, hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-attack-general-bytes-bitcoin-atms\">breached the cryptographic settings<\/a> of General Bytes&#8217; Bitcoin ATMs and gained the ability to transfer funds deposited into the machines to their wallets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A malicious actor hacked the cloud service of the Bitcoin ATM maker General Bytes and autonomous servers of device operators, gaining access to personal information and funds.<\/p>\n","protected":false},"author":1,"featured_media":75823,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1189],"class_list":["post-75822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cryptomats"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=75822"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75822\/revisions"}],"predecessor-version":[{"id":75824,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75822\/revisions\/75824"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/75823"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=75822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=75822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=75822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}