General Bytes, a BTC ATM producer, closed its cloud services due to a “security vulnerability” that allowed bad actors to access customers’ hot wallets and acquire sensitive data, including private keys and passwords.
Hackers Gain Access To Customers’ Data To Steal Funds
According to a patch release bulletin published over the weekend, the ATM manufacturer cautioned that a hacker had successfully exploited a Java application through the master service interface of its terminals. This allowed the hacker to remotely steal user data and transfer assets out of hot wallets.
In the bulletin, Karel Kyovsky, the founder of General Bytes, clarified that the security vulnerability enabled the hacker to accomplish the following actions:
“Gain access to the database. Read and decode API keys utilized to access funds in hot wallets and exchanges; transfer funds from hot wallets. Also, they can retrieve customers’ names and password hashes and disable two-factor authentication. Access event logs at terminal ATMs and search for occasions where users scanned their private keys at the ATM.”
Per the announcement, other operators’ cloud service and standalone servers were compromised. The company has conducted several security audits since 2021, none of which detected this vulnerability, according to Kyovsky.
While the company acknowledged that the hacker could transfer funds from hot wallets, there was no disclosure regarding the amount stolen.
Kyovsky Asks BTC ATM Operators To Regenerate Passwords And API Keys
In the meantime, General Bytes has disclosed 41 wallet addresses the hacker used during the attack. According to on-chain data, one of these wallets received numerous transactions, resulting in a combined balance of 56 BTC in that wallet alone. Additionally, the hacker made multiple Ethereum transactions into another wallet, accumulating about 21.82 ETH.
Meanwhile, the firm has issued an urgent recommendation to BTC ATM operators, advising them to set up their own standalone servers and to apply two patches to the Crypto Application Server (CAS), the software that manages the operation of the ATMs.
In addition, Kyovsky emphasized the need to secure the CAS by placing it behind a VPN and firewall, with terminals connecting to it only through the VPN. Furthermore, the company’s founder asked operators to assume that all API keys and passwords for users’ hot wallets and exchanges had been compromised.
Therefore, he advised operators to invalidate them and generate new ones. Notably, this advice comes after General Bytes suffered a zero-day attack in September last year, which allowed hackers to gain control as default administrators and alter settings to transfer all funds.
Meanwhile, the company’s website shows that it has sold more than 15,000 Bitcoin ATMs in over 149 nations globally.