- General Bytes Bitcoin ATMs have been compromised again
- A hacker managed to upload software aimed at stealing the user database, hot wallets, and more
- General Bytes has shuttered its compromised cloud service as a result
Bitcoin ATM operator General Bytes yesterday issued notice of a “security incident” that has resulted in the company shuttering its cloud service. The Prague-based company, which says it has sold over 15,000 ATMs into over 149 countries, was forced to act after a hacker was able to remotely upload a Java application to all terminals, giving them access to the user database, hot wallets, and more. This is the second major hack on General Bytes machines in a year, and many operators will simply opt out of running the machines following it.
Hacker Compromised Hot Wallets
General Bytes revealed in its security update that the attacker identified a security vulnerability in the master service interface that its Bitcoin ATMs use to upload videos to the server, and used this flaw to upload their own application directly to the server, which has an auto-deployment function. The company summed up what this interference gave the attacker:
- Ability to access the database.
- Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
- Ability to send funds from hot wallets.
- Ability to download user names and their password hashes, and to turn off 2FA.
- Ability to access terminal event logs and scan for any instance where customers scanned a private key at the ATM; older versions of the ATM software logged this information.
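As an added, hypothetical illustration (not General Bytes' code; the endpoint behaviour, directory names and accepted formats are assumptions), here are two server-side controls that would have stopped a Java application from riding the video-upload interface into the auto-deployment function: content validation by magic bytes and extension, and storage under a server-chosen name outside the deploy directory.

```python
"""
Hardened handling for a 'video upload' endpoint of the kind described above.
Constructed example, not General Bytes code; the directory layout and the
file-type policy are assumptions.

Two controls that would have blocked an uploaded Java application:
  1. validate the content by magic bytes (a JAR is a ZIP and starts with
     'PK\x03\x04', which no allowed video container does) and by an
     extension allowlist;
  2. store the file under a server-chosen random name in a directory that
     is never scanned by the auto-deployment function.
"""
import secrets
from pathlib import Path

# Allowed video containers. MP4/MOV files carry 'ftyp' at offset 4;
# WebM/MKV files start with the EBML header bytes.
ALLOWED_EXT = {".mp4", ".mov", ".webm", ".mkv"}
EBML_MAGIC = b"\x1a\x45\xdf\xa3"
JAR_OR_ZIP_MAGIC = b"PK\x03\x04"


def looks_like_video(head: bytes) -> bool:
    """Classify the first bytes of an upload; ZIP/JAR is rejected outright."""
    if head.startswith(JAR_OR_ZIP_MAGIC):
        return False
    if len(head) >= 8 and head[4:8] == b"ftyp":
        return True
    return head.startswith(EBML_MAGIC)


def validate_upload(filename: str, head: bytes) -> bool:
    """Accept only when both the extension and the content say 'video'."""
    return Path(filename).suffix.lower() in ALLOWED_EXT and looks_like_video(head)


def safe_destination(filename: str, media_dir, deploy_dir) -> Path:
    """Random server-chosen path inside media_dir; refuses any layout where
    media_dir sits inside the auto-deployment directory (assumed names)."""
    media_dir = Path(media_dir).resolve()
    deploy_dir = Path(deploy_dir).resolve()
    if media_dir == deploy_dir or deploy_dir in media_dir.parents:
        raise ValueError("media directory must not be inside the deploy directory")
    return media_dir / f"{secrets.token_hex(16)}{Path(filename).suffix.lower()}"
```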
This rather terrifying list of compromised areas explains why, in the same announcement, the company said it was shuttering its cloud service and told operators that they will now need to install their own standalone server. The company didn’t reveal what, if anything, had actually been stolen in the hack, which means either that this was a shot across the bows for General Bytes or that the company is hiding the truth of the hack.
Not the First Time
To some, the news of the hack won’t have come as a surprise. In 2021, Kraken Security Labs revealed multiple security flaws in General Bytes machines, including the potential to “install applications, copy files or conduct other malicious activities (such as sending private keys to the attacker).” Sound familiar?
Hackers put these newly discovered access points to good use last August when they managed to infiltrate the servers of General Bytes Bitcoin ATMs and divert funds to their own wallets, with (rather worryingly) General Bytes not revealing the scale of the theft.
The company added in its update that through its “multiple security audits since 2021” it had never identified this vulnerability, which will hardly fill operators with reassurance and suggests that many will simply jack it in rather than putting up with more issues.