Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over $1.5M in Bitcoin Stolen

Read full article at Bitcoin News.

General Bytes experienced a security incident on March 17 and 18 that enabled a hacker to remotely access the master service interface and send funds from hot wallets, according to the company and sources. The breach forced a majority of U.S.-based crypto automated teller machine (ATM) operators to temporarily shut down. The hacker was able to liquidate 56.28 bitcoins, worth approximately $1.5 million, from about 15 to 20 crypto ATM operators nationwide.

Crypto ATM Operators Temporarily Shut Down After General Bytes Security Breach Enables Hacker to Liquidate $1.5M in Bitcoin and Other Cryptocurrencies

The largest cryptocurrency automated teller machine (ATM) manufacturer, General Bytes, has produced 9,505 such machines globally, with thousands located in the United States. On Saturday, March 18, the company informed the public of a serious security incident that occurred on March 17 as well.

“We released a statement urging customers to take immediate action to protect their personal information,” the company explained at 4:42 p.m. (ET) on Saturday. “We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin,” the firm added.

General Bytes’ security bulletin said the attacker was able to remotely upload their own Java application using the master service interface, which is typically used by terminals to upload videos. The attacker had access to BATM user privileges and was also able to access the database, read and decrypt API keys used to access funds in hot wallets and exchanges. In addition, the hacker could download usernames, access their password hashes, turn off 2FA, and send funds from hot wallets. News spoke with a U.S.-based cryptocurrency automated teller machine (ATM) operator who confirmed that all U.S. operators using General Bytes machines were shut down nationwide for the evening. The operator also mentioned that servers would have to be rebuilt from the ground up, which can be a lengthy process.

Reportedly, General Bytes is transitioning crypto ATM operators to self-hosted servers. In the security bulletin, General Bytes stated that the company is discontinuing its cloud service. Furthermore, the firm explained that it had conducted multiple security audits since 2021, and none of them had identified this vulnerability.

According to onchain statistics, the hacker siphoned 56.28 bitcoins worth approximately $1.5 million and also liquidated dozens of other cryptocurrencies such as ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin (BTC) address holding the 56.28 BTC has not moved the funds since its last transaction at 3:20 a.m. on March 18. Some digital currencies were transferred to different locations, and a fraction was sent to the decentralized exchange (DEX) platform Uniswap.

General Bytes has experienced issues before, recording a security flaw on August 18, 2022. The attacker at the time leveraged a zero-day attack to “create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.”

As for the March 17 and 18, 2023 hack, General Bytes not only disclosed the addresses used in the attack but also three IP addresses used by the attacker. The source who spoke with News on Saturday evening further noted that while their firm’s system was hacked, the company runs a full node that’s “locked down enough” to prevent the attacker from accessing funds.

What do you think about the breach that affected General Bytes? Share your thoughts about this subject in the comments section below.

This article is strictly for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, business or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by, or in connection with, the use of or reliance on any content, goods, services or opinions mentioned in this article.

#Bitcoin #Cryptocurrency #Crypto

Related articles

Metaverse Company Appoints Robot As Female CEO – Hasta La Vista Baby!

Read full article at Bitcoinist.This CEO just got a job to oversee operations at this popular Chinese gaming and metaverse company. She is a robot by the way. Seriously. NetDragon Websoft introduced “Ms. Tang Yu” – the world’s first chief executive officer and she is a humanoid which means electrical impulses and digital codes flow […]

Learn More

New AI Chatbot Emerges As Potential Rival, Sparks Debate Over ChatGPT’s Future

Read full article at Coingape.The debut of OpenAI’s conversational chatbot ChatGPT, which caused quite a stir on the internet, is likely the most important advancement in the field of artificial intelligence (AI) that took place in recent years. Within just a few short months, approximately one million unique users are having conversations with the AI […]

Learn More

NFTSTAR and Neymar Jr․ to Release Beastmode Metaverse HUMAN NFT Drop

Read full article at Bitcoin News.PRESS RELEASE. The9 Limited (Nasdaq: NCTY) (“The9”), an established internet company, has newly announced that its NFT community NFTSTAR is releasing the next drop of exclusive NFTs in collaboration with professional Brazilian international footballer Neymar da Silva Santos Júnior. The collaboration so far has been a huge success, with the […]

Learn More