Bitcoin ATMs Hacked

  • 23 March 2023

  • Anonymous

Over the weekend, General Bytes disclosed that customers' and the company's CASes had lost more than $1.5 million worth of bitcoin. An unidentified threat actor used this interface to upload and run a malicious Java application in order to pull off the heist. This threat actor did so by taking advantage of a previously unidentified vulnerability. The actor then took around 56 Bitcoin, or $1.5 million, from several hot wallets. 15 hours after becoming aware of the vulnerability, General Bytes patched it, but the losses were irrecoverable because of how cryptocurrencies operate.

The hacker gained access to the company's database as a result of the attack, reading and decrypting the API keys used to transmit money from hot wallets and exchanges and access cash there, as well as downloading user names and password hashes, and then turning off 2FA.

The General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our preferred cloud hosting provider) were among the CAS services running on ports 7741 that the attacker discovered, according to General Bytes in a security incident disclosure.

The business released a statement on Twitter advising users to "take immediate action" and install the most recent updates in order to stop hackers from getting access to customers' servers and money.

To prevent hackers from accessing customers' servers and money, the company posted a message on Twitter urging users to "take quick action" and install the most recent upgrades.

The threat actors gained access to the following actions on infected devices after uploading the Java application:

  1. The capacity to use the database.
  2. The ability to read and decode the API keys needed to access funds on popular exchanges and wallets.
  3. The ability to transfer money using popular wallets.
  4. The ability to turn off 2FA and download user names and password hashes.
  5. The ability to search terminal event logs for any evidence of ATM user private key scanning. Previous iterations of the ATM software were logging this information.

After learning that the attacks had put both its cloud service and its clients at risk, General Bytes issued a warning.

In addition to the IP addresses used in the March 17–18, 2023 hack, General Bytes discovered three other IP addresses utilised by the hacker. Although their organization's system has been compromised, the insider told Bitcoin.com News on Saturday night that they still run a full node that is "locked down sufficiently" to prevent the attacker from collecting money.


3 replies

This is a significant security incident that resulted in the loss of a considerable amount of money for both General Bytes and its customers. It appears that the threat actor was able to exploit a previously unidentified vulnerability and gain access to the company's database, allowing them to read and decrypt API keys and download user names and password hashes. The fact that they were able to transfer money using popular wallets and turn off 2FA is particularly concerning.

It is commendable that General Bytes patched the vulnerability as soon as they became aware of it, but unfortunately, the losses were irrecoverable due to the nature of cryptocurrencies. It is important for all users of General Bytes' services to take immediate action and install the latest updates to prevent further attacks.

It is also worth noting that the insider at General Bytes still runs a locked-down full node despite the security incident, which is a good practice to prevent the attacker from collecting more money. Overall, this incident highlights the importance of regular security assessments, timely patching of vulnerabilities, and the need for robust security measures to protect against cyber threats.


Thank you for providing us with such crucial cryptocurrency news. But knowing this is not surprising. Without a central repository, computer crashes, hacks, and other unforeseen events run the risk of completely destroying digital cryptocurrency balances.

Businesses handling cryptocurrency (or "cryptos") need to make sure they're implementing security measures to protect transactions and stay compliant with the CryptoCurrency Security Standard (CCSS).

Hackers exploited a zero-day vulnerability in the servers of Bitcoin ATM producer General Bytes, allowing the hackers to siphon off money from users to their wallet addresses. The company said that the vulnerability had existed since 2020. The company is yet to disclose the stolen amount. General Bytes warned that its customers and its own cloud service were breached during the attacks: "GENERAL BYTES Cloud service was breached as well as other operator's standalone servers." As the popularity of cryptocurrencies continues to soar, so does the number of hacks and security breaches within the industry. From high-profile attacks on major exchanges to individual investors losing their life savings, the implications of these rampant crypto hacks are far-reaching and potentially devastating.
