Bitcoin ATM maker shuts cloud service
A hacker installed and ran a Java application on a Bitcoin ATM made by General Bytes; the application accessed user information and sent funds from a hot wallet. As a result, the Bitcoin ATM maker shut its cloud service after user hot wallets were compromised.
A security vulnerability discovered by Bitcoin ATM manufacturer General Bytes allowed attackers to access users’ hot wallets and sensitive information, such as passwords and private keys.
Based in Prague, the company has sold over 15,000 Bitcoin ATMs to buyers in 149 countries worldwide.
Using the master interface, a hacker could remotely upload and run a Java application on ATMs, which could steal user information and send funds from hot wallets. The ATM manufacturer issued its bulletin on the incident on March 18.
Founder Karel Kyovsky explained in the bulletin that the vulnerability allowed the hacker to access the database and to read and decrypt API keys used to access funds in hot wallets. It also allowed the hacker to send funds from hot wallets, download usernames and passwords, and turn off 2FA.
He also said the company has had multiple security audits since 2021, but none identified this vulnerability.
The hacker was also able to access event logs and scan them for any case where customers reviewed private keys at the ATM. Older versions of the ATM software logged this information.
The notice discloses that both General Bytes’ cloud service and other operators’ standalone servers were breached.
The company didn’t disclose how much was stolen in the breach, even though it noted that the hacker could send funds from hot wallets.
Still, General Bytes published the details of 41 wallet addresses used in the attack. On-chain data shows multiple transactions in one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.
Another wallet shows multiple Ether (ETH) transactions, with the total received amounting to 21.82 ETH, worth roughly $36,000 at current prices.
The company has urged Bitcoin ATM operators to install their own standalone server. It also recommends two patches for its Crypto Application Server (CAS), which manages the ATM’s operation.
Kyovsky also said operators must keep their Crypto Application Server behind a firewall and VPN.
He also said that operators must consider all user passwords and API keys to exchanges and hot wallets to be compromised, and that they must invalidate all of them and generate new keys and passwords.
Last September, General Bytes had its servers compromised through a zero-day attack, so it is clear why the Bitcoin ATM maker shut its cloud service after user hot wallets were compromised.
That earlier attack enabled the hackers to make themselves the default administrators and modify settings so that all funds would be transferred quickly.