General Bytes experienced security incidents on March 17 and 18 that allowed hackers to remotely access key service interfaces and send funds from hot wallets, according to the company and sources. The breach forced the majority of US-based crypto automated teller machine (ATM) operators to temporarily shut down. The hackers were able to liquidate 56.28 bitcoins, worth about $1.5 million, from about 15 to 20 crypto ATM operators nationwide.
Crypto ATM Operators Temporarily Shut Down After General Bytes Security Breach Allows Hackers to Liquidate $1.5 Million in Bitcoin and Other Cryptocurrencies
The largest cryptocurrency automated teller machine (ATM) maker, General Bytes, has produced 9,505 such machines globally, with thousands located in the United States. On Saturday, March 18, the company informed the public of the serious security incident, which occurred on March 17 as well.
“We issued a statement urging customers to take immediate action to protect their personal information,” the company explained at 4:42 p.m. (ET) on Saturday. “We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin,” the company added.
General Bytes’ security bulletin says attackers could remotely upload their own Java application using the main service interface, which is normally used by terminals to upload videos. The attackers obtained BATM user privileges and could also access the database and read and decrypt the API keys used to access funds in hot wallets and exchanges. Additionally, the hackers could download usernames, access their password hashes, turn off 2FA, and send funds from hot wallets.
Bitcoin.com News spoke to US-based cryptocurrency automated teller machine (ATM) operators who confirmed that all US operators using General Bytes machines were shutting down nationwide for the night. The operator also mentioned that the server has to be rebuilt from the ground up, which can be a lengthy process.
Reportedly, General Bytes is transitioning crypto ATM operators to self-hosted servers. In a security bulletin, General Bytes states that the company is discontinuing its cloud service. Furthermore, the firm explained that they had conducted several security audits since 2021, and none of them had identified this vulnerability.
According to onchain statistics, hackers siphoned 56.28 bitcoins worth around $1.5 million and also liquidated dozens of other cryptocurrencies such as ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin (BTC) address holding 56.28 BTC has not moved funds since its last transaction at 3:20 am on March 18. Some of the other digital currencies were transferred to different locations, and a small portion was sent to the Uniswap decentralized exchange (DEX) platform.
General Bytes has encountered the issue before, noting the security flaw on August 18, 2022. The attacker then leveraged a zero-day attack to “remotely create an admin user via the CAS administrative interface via calling the URL on the page used for the default installation on the server and creating the user first administration.”
As for the March 17 and 18, 2023 hacks, General Bytes disclosed not only the addresses used in the attack, but also the three IP addresses used by the attackers. Sources who spoke to Bitcoin.com News on Saturday night further noted that while their company’s systems were hacked, the company was running full nodes that were “locked enough” to prevent attackers from accessing funds.
Source: Bitcoin.com