- General Bytes’ hot wallets were compromised in a “security incident.”
- The Bitcoin ATM manufacturer has announced that it will repay the victims of the hack.
After the “security incident,” which compromised hot wallets, Bitcoin ATM manufacturer General Bytes will repay its cloud-hosted customers’ losses. As reported by the media, a hacker managed to access sensitive information, like private keys, passwords, and funds, from hot wallets between March 17 and 18. A detailed attack report came to light on March 23.
The Attack on General Bytes
The Prague-based Bitcoin ATM manufacturer General Bytes has sold more than 15,000 BTC ATMs in nearly 149 countries worldwide. In a March 18 bulletin, the manufacturer issued a general warning that a hacker had managed to remotely upload and run a Java application on the terminals through the master service interface. The application was built to steal users’ information and loot hot wallets.
In the bulletin, General Bytes founder Karel Kyovsky said that this had allowed the hacker to access the database and to read and decrypt the API keys used to access funds in hot wallets and exchanges. Furthermore, the hacker could also download user names and password hashes and turn off two-factor authentication.
The hacker also gained access to the terminal event logs and could scan them for instances where customers had scanned their private keys. The older software installed on these ATMs logged this information.
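Added example (not from General Bytes or the original article): one way an operator could check their own log files for the kind of exposure described above and redact it, assuming the scanned keys appear in mainnet Bitcoin WIF (Base58Check) form. The log line is constructed and does not reflect the real CAS log format.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet WIF shapes: 51 chars starting "5", or 52 chars starting "K"/"L".
CANDIDATE = re.compile(r"(?<![%s])(?:5[%s]{50}|[KL][%s]{51})(?![%s])" % ((B58,) * 4))

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Base58Check-encode payload (used here only to build a test key)."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(text: str):
    """Return the payload if the 4-byte checksum verifies, else None."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[:-4] if _checksum(raw[:-4]) == raw[-4:] else None

def is_wif(token: str) -> bool:
    """True only for a checksum-valid mainnet WIF private key."""
    payload = b58check_decode(token)
    if payload is None or payload[:1] != b"\x80":
        return False
    return len(payload) == 33 or (len(payload) == 34 and payload[-1] == 1)

def redact_line(line: str):
    """Replace every valid WIF key in a log line; return (line, hit_count)."""
    hits = 0
    def repl(m):
        nonlocal hits
        if not is_wif(m.group(0)):
            return m.group(0)  # right shape, wrong checksum: leave untouched
        hits += 1
        return "[REDACTED-WIF]"
    return CANDIDATE.sub(repl, line), hits

# Constructed test key (bytes 1..32) and constructed log line.
SAMPLE_KEY = b58check_encode(b"\x80" + bytes(range(1, 33)))
SAMPLE_LINE = f"2023-03-17 10:02:11 terminal=T-0001 event=SCAN qr={SAMPLE_KEY} ok"
```

Validating the checksum rather than matching on shape alone keeps false positives low, so a non-zero hit count on a real log is a strong signal that the affected keys should be treated as exposed.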
How is General Bytes handling the situation?
According to its media statement, General Bytes has been trying to salvage the situation and has decided to refund the victims. It has also initiated measures to prevent a recurrence of the incident. After investigating, the ATM manufacturer discovered that the 21 wallets connected to the hacker had received nearly 56 BTC, worth more than $1.5 million, and 21.82 Ether, worth nearly $37,000.
General Bytes says it has assessed the situation in detail and is trying to improve its security measures to avoid a repeat of such events. It halted its cloud services after discovering the vulnerability, which allowed the hacker to access users’ information and exploit hot wallets.
An in-depth study of the incident reveals that the hacker was able to send some funds from the affected hot wallets. General Bytes released a list of 41 wallet addresses used in the attack, and on-chain data reveals the transaction details. However, the company clarified in its media statement that the attack did not affect ATM operators who used self-hosted server installations. Their VPN technology protected their infrastructure.
General Bytes Message to Other ATM Operators
Following the incident, the Bitcoin ATM manufacturer has urged other BTC ATM operators to install their own stand-alone servers. It also released two patches for the Crypto Application Server (CAS), which manages the ATMs’ operation.
It asked operators to keep the CAS behind a firewall and VPN; all terminals must connect to the CAS via VPN. All users’ passwords and API keys to exchanges and hot wallets are possibly compromised; hence, regenerating new passwords and keys would be advisable.
The crypto industry is unfamiliar with such attacks; it has always learned about weak spots. This has made it stronger with every attack.
Source: https://www.thecoinrepublic.com/2023/03/28/btc-atm-maker-general-bytes-to-repay-the-victims-of-recent-hack/