• General Bytes ATMs have been hacked and $1.5 Million in BTC was stolen by a group of cyberthieves.
• The hackers employed a zero-day vulnerability to prevent any transaction losses from being reversed.
• General Bytes is now investigating the incident, cooperating with federal officials, and helping customers understand their individual losses.
General Bytes ATMs Attacked
A group of crypto hackers recently drained all coins and funds from several bitcoin ATMs hosted by a company called General Bytes. The attack utilized a zero-day vulnerability which prevented any transaction losses from being reversed.
Damage Done
The extent of the damage done is still uncertain, however the entire team at General Bytes has been working around the clock to assess the security breach and help affected customers get back online as soon as possible. They are currently collecting data to understand each customer’s individual losses caused by this incident.
Security Procedures Reviewed
In response to this attack, they will no longer be managing CASes on behalf of its users and are reviewing all security procedures to ensure that such an event does not happen again in future.
How It Happened
The hacker identified a security vulnerability in the master service interface which allowed them to upload malicious Java applications directly to the application server used for admin interface access. This server had been left configured to start applications in its deployment folder by default which enabled them take control of the machines easily and flee with so much money undetected.
Conclusion
General Bytes is deeply disturbed by this incident given it has undergone multiple security audits over the past two years without any vulnerabilities being detected prior to this one. They are continuing their investigation into what happened while also cooperating with federal officials on resolving this matter completely and returning money lost back into customers‘ hands as soon as possible.
