Zero-Day Bug Allows Crypto Hackers to Drain $1.6M From Bitcoin ATMs

After its second cyberattack in under a year, General Bytes urges customers to up the security on their personal accounts to prevent losses from hackers.

Dark Reading Staff, Dark Reading

March 21, 2023

1 Min Read
a gold coin with detailed wiring engraved on the side
Source: Klaus Ohlenschlaeger via Alma Stock Photo

Over St. Patrick's Day weekend, unidentified hackers stole more than $1.6 million in cryptocurrency from Bitcoin ATMs owned by General Bytes.

In what the ATM owner called a security incident of the highest severity, threat actors were able to exploit a zero-day flaw by uploading "his own java application remotely via the master service interface used by terminals to upload videos, and run it using batm user privileges," the advisory released by General Bytes stated.

Once the attackers were able to accomplish this, they secured access to the database, where they were able to "read and decrypt API keys used to access funds in hot wallets and exchanges, send funds from hot wallets, and download usernames, password hashes" as well as turn off the two-factor authentication (2FA) feature. 

This cryptocurrency-related breach is the second aimed at General Bytes in under a year, the last of which occurred less than a year ago, in August.

Though the company has stated that it has run multiple security audits since 2021, this was a vulnerability that was never caught. General Bytes advises its terminal operator customers to keep their servers behind firewalls and VPNs, as well as assume that the passwords and API keys to exchanges and hot wallets used by end users are compromised — and should be changed accordingly.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights