• General Bytes, a company that operates bitcoin ATMs, lost $1.5 million in BTC due to an attack by cyberthieves.
• The hackers took advantage of a zero-day vulnerability to prevent all transaction losses from being reversed.
• General Bytes has since told its customers that they must manage their own servers going forward, and the company is cooperating with federal officials on the matter while performing an internal investigation.
General Bytes Bitcoin ATMs Attacked
A group of crypto hackers have drained all the coins and funds from several bitcoin ATMs throughout the world hosted by a company called General Bytes. The hackers took advantage of what’s referred to as a zero-day vulnerability to prevent all transaction losses from being reversed, resulting in the company losing $1.5 million in BTC.
General Bytes Responds
General Bytes explained in a statement that it was working around the clock to collect data regarding the security breach and is continuously working to resolve all cases and help clients get back online as soon as possible. In a separate post, the company explained how the hackers were able to gain control of the machines and flee with so much money.
Security Vulnerability Exploited
The attackers identified a security vulnerability in the master service interface used by BATMs (bitcoin ATMs) to upload videos to the CAS (cloud application server). They then scanned the IP address space of cloud host Digital Ocean and identified CAS services running on port 7741, including the General Bytes Cloud Service and other BATM operators running their servers on Digital Ocean. They exploited the vulnerability by uploading Java applications directly to the application server used for the admin interface.
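For operators who now run their own CAS, one way to watch the port described above is to flag connection attempts to 7741 from addresses that are not the operator's own terminals. This is an added example, not General Bytes code; the iptables-style log format, the `CAS-IN` prefix, the terminal networks and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

CAS_PORT = 7741  # port named in the article for the CAS master service interface

# Assumption: networks the operator's own terminals connect from (documentation ranges).
TERMINAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]

# Constructed sample in iptables LOG style; not taken from the incident.
SAMPLE_LOG = """\
Jan 01 10:01:10 cas kernel: CAS-IN SRC=192.0.2.5 DST=203.0.113.10 PROTO=TCP SPT=50122 DPT=7741 SYN
Jan 01 10:03:44 cas kernel: CAS-IN SRC=203.0.113.77 DST=203.0.113.10 PROTO=TCP SPT=41810 DPT=7741 SYN
Jan 01 10:03:45 cas kernel: CAS-IN SRC=203.0.113.77 DST=203.0.113.10 PROTO=TCP SPT=41812 DPT=7741 SYN
Jan 01 10:04:02 cas kernel: CAS-IN SRC=198.51.100.18 DST=203.0.113.10 PROTO=TCP SPT=39001 DPT=7741 SYN
Jan 01 10:05:30 cas kernel: CAS-IN SRC=203.0.113.77 DST=203.0.113.10 PROTO=TCP SPT=41900 DPT=443 SYN
Jan 01 10:06:00 cas kernel: malformed line without fields
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+)\s.*?\bDPT=(?P<dpt>\d+)")


def is_known_terminal(addr):
    """True if the address falls inside one of the allowlisted terminal networks."""
    return any(addr in net for net in TERMINAL_NETS)


def unexpected_cas_sources(log_text, port=CAS_PORT):
    """Count connection attempts to the CAS port per source outside TERMINAL_NETS."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) != port:
            continue  # not a parsable firewall line, or a different port
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # skip lines with an unparsable source address
        if not is_known_terminal(src):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, n in unexpected_cas_sources(SAMPLE_LOG).items():
        print(f"ALERT: {n} attempt(s) on port {CAS_PORT} from non-terminal address {src}")
```

Any source this reports is a candidate for a firewall rule that limits port 7741 to the terminal networks.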
General Bytes has since told its customers that from here on out, it will no longer be managing CASes on behalf of its users, meaning terminal holders will be required to manage all future servers themselves. Right now, the company is collecting data from customers so it can get an idea of what their individual losses were, while also cooperating with federal officials on the matter and performing an internal investigation into what occurred.
Overall, General Bytes was shocked by this incident, given that it had undergone “multiple security audits” over the past two years without noticing vulnerabilities such as these until now. However, the company is doing everything it can to keep its affected customers afloat while reviewing its security procedures going forward.