Bitcoin ATM manufacturer, General Bytes, hacked for over $1.5m 

General Bytes, a bitcoin automated teller machine (ATM) manufacturer, has lost over $1.5m of bitcoin (BTC) following an exploit on Mar. 17 and 18.

General Bytes hacked

In a security update on Mar. 18, General Bytes said the hacker, or a group of hackers, found an exploit on their master service interface before using it to send funds to their hot wallets. Following this hack, General Bytes was temporarily forced to shut down as it assessed the damage caused.

General Bytes admit that hackers could access their database through the master service interface. Subsequently, the attackers could download usernames, password hashes, and, critically, turn off user two-factor authentication (2FA). They could also decrypt API keys to send funds to hot wallets and exchanges. Because of this leeway, the hacker could automatically send funds from hot wallets.

 Hackers eventually stole 56.28 BTC from about 15 to 20 ATM operators through this flaw. When writing on Mar. 19, the address still held 56.28 BTC; no funds had been transferred.

Another of the hacker’s addresses also held over 21 ETH.

The hacker also liquidated coins and tokens, including Cardano (ADA), Dogecoin (DOGE), and USDT.

Migrating to self-hosted servers

Considering the extent of this hack, it has been reported that General Byte’s servers would have to be redesigned and built from the ground up. 

Moreover, since the ATM manufacturer is discontinuing its cloud service following this exploit, there are reports that it would urge its operators to use standalone servers. Operators will be assisted in migrating data from the cloud to their servers.

“It is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors. You’ll need to install your own Standalone server. GB support will help you migrate your data from the GB Cloud to your own Standalone server.”

General Bytes has had trouble with their servers before. In August 2022, hackers staged a zero-day attack on their servers, stealing funds. Through this exploit, hackers made themselves default admins and adjusted exploited ATM’s settings so that depositing addresses were their hot wallets.