General Bytes ATMs Attacked By Cyberthief, $1.5 Million in BTC Gone
A group of crypto hackers have drained all the coins and funds from several bitcoin ATMs throughout the world hosted by a company called General Bytes.
General Bytes Loses a Lot of Money
The hackers took advantage of what’s referred to as a zero-day vulnerability to prevent all transaction losses from being reversed. General Bytes explained in a statement:
The night of 17-18 March was the most challenging time for us and some of our clients. The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible. We apologize for what happened and will review all our security procedures and are currently doing everything we can to keep our affected customers afloat.
In a separate post, the company explained how it was that the hackers were able to gain control of the machines and flee with so much money:
1. The attacker identified a security vulnerability in the master service interface the BATMs use to upload videos to the CAS. 2. The attacker scanned the IP address space managed by cloud host Digital Ocean to identify running CAS services on ports 7741, including the General Bytes Cloud service and other BATM operators running their servers on Digital Ocean. 3. Exploiting the vulnerability, the attacker uploaded the Java application directly to the application server used by the admin interface. The application server was, by default, configured to start applications in its deployment folder.
General Bytes has since told its customers that from here on out, it will no longer be managing CASes on behalf of its users. In other words, terminal holders will be required to manage all future servers themselves. Right now, the company is in the middle of collecting data from customers so it can get an idea of what their individual losses were. The firm is also cooperating with federal officials on the matter and performing an internal investigation to better understand what occurred.
Trying to See What Happened
Managers of General Bytes said they were extremely disturbed and surprised by the incident given the company has undergone “multiple security audits” over the past two years, and vulnerabilities such as the one that the hackers exploited have never been noticed in the past. The enterprise is presently contacting third-party security firms to see about beefing up protection in the coming months.
The issue with most crypto-based ATMs is that the wallets stored within them are referred to as “hot wallets,” meaning they are directly connected to the internet. This makes them particularly vulnerable to cyberthieves who can manipulate code and APIs to gain access to said wallets and the funds contained within them.
Source: Read Full Article