One of the challenges of the crypto industry is cybercrime. It takes many forms, including network hacks, phishing and exploits. 2022 was one of the worst years for the industry, as many projects and DeFi protocols recorded massive losses to bad actors.
This year, 2023, has also seen major exploits, including the most recent Euler Finance hack. Another exploit has just pushed a Bitcoin ATM maker, General Bytes, to shut down its cloud services.
The attackers breached the company’s cloud services and other operators’ standalone servers. They compromised many users’ hot wallets and stole private keys, passwords and crypto assets.
Bitcoin ATM General Bytes Loses Funds To Hackers
General Bytes hasn’t disclosed the total amount of funds the attackers stole from users’ hot wallets, but it has shared details of how the exploit happened. The hacker first uploaded a Java application to General Bytes’ terminals through the master service interface and ran it. The aim was to steal users’ information and send funds from their wallets.
The company sent a patch release bulletin warning users of the discovery. General Bytes founder Karel Kyovsky also revealed that gaining access to General Bytes’ terminals enabled the hackers to access the company’s database. It also allowed them to read and decrypt API keys used to access funds in hot wallets and exchanges.
Furthermore, the hackers downloaded users’ usernames and password hashes, turned off 2-factor authentication, and sent funds out of hot wallets. The bad actors could also access event logs at the terminals to identify private keys scanned at the company’s ATMs, especially the older versions that keep such logs.
Notably, Kyovsky revealed that the firm conducted security audits multiple times in 2021. However, none of the audits discovered this vulnerability.
General Bytes Moves To Protect Crypto Users
So far, General Bytes has identified and shared details of the 41 wallets used in the attack. One of the wallets received multiple transactions and ended with 56 BTC, worth $1.54 million. A second wallet received many ETH transactions, up to 21.82 ETH, worth almost $36,000 at market price.
The press bulletin also shared some steps users can take to protect themselves from losing everything. First, General Bytes requires ATM operators to install standalone servers. It released two patches for its Crypto Application Server (CAS), which manages ATM operations.
Kyovsky further advised operators to keep the CAS behind a VPN and firewall; terminals should connect to the CAS only through a VPN. As for passwords and API keys, the founder asked operators to invalidate them and create new ones, since they were compromised.
Addressing experts and security companies, the ATM maker stated that it aims to conduct many independent security audits and needs the help of any firm able to assist.