A Bitcoin ATM manufacturer has shut down its cloud services due to a security issue that let an attacker access customers’ hot wallets and steal private information.
Prague-based company General Bytes issued a warning on 18 March saying that the hacker had remotely uploaded a Java application to its terminals, hoping to steal user information and funds stored in hot wallets.
The company has sold more than 15,000 Bitcoin ATMs to buyers in nearly 150 countries around the globe, according to its website.
General Bytes founder, Karel Kyovsky, said the hack gave the perpetrator the ability to access the company’s database, decrypt API keys used to access hot wallet and exchange funds, and even download passwords and turn off two-factor authentication.
“We’ve concluded multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.
The company has not disclosed how much cryptocurrency was stolen by the hacker, but it has released details of 41 wallet addresses that were used in the attack.
On-chain analysis from Blockchair shows that one of these wallets has a balance of 56 Bitcoin after more than 30 deposits were sent to it during the attack.
In response, General Bytes has advised Bitcoin ATM operators to install a standalone server and released patches for their own Crypto Application Server, which is used to manage ATMs.
“Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN,” Kyovsky said.
“Additionally consider all your user’s passwords, and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & password.”
The compromise is not the first that has befallen General Bytes.
Last September, its servers suffered a zero-day attack that let hackers takeover as default administrators and adjust settings to transfer funds to their own addresses.
Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
