- Karel Kyovsky announces that an attack has been carried out on General Bytes' server, compromising all hot wallets.
- General Bytes has opted to halt its cloud service due to the hack.
- The hacker was able to take advantage of a security vulnerability.
On March 18, Bitcoin ATM maker General Bytes announced that its hot wallets had been compromised and that, as a result, it would be halting its temporary service to address the issue.
According to the statement published on its website, the founder of General Bytes, Karel Kyovsky, stated that this severe attack could affect many customers, for example by granting the hacker access to vital information such as passwords and API keys.
Kyovsky maintained that this security risk was of the highest level, as the hacker could remotely upload a Java application through the master service interface to steal user information and transfer funds from hot wallets.
How Did It Happen?
Karel Kyovsky acknowledged that the hacker discovered a security vulnerability in the master service interface, which BATMs (Bitcoin ATMs) used to upload videos.
By hacking the Bitcoin ATM cloud service, the hacker was able to gain access to the database, transfer funds from hot wallets, read and decrypt the API keys used to access funds stored in hot wallets and on crypto exchanges, download usernames and passwords, turn off two-factor authentication (2FA), and more.
Having sold over 15,000 BTC ATMs, General Bytes issued a warning to all its users, advising them to take necessary precautions, protect their user information, and change their passwords.
Additionally, the BTC ATM maker admitted to not being the only one compromised, as other operators’ standalone servers were also caught in the crossfire.
The hacker examined the DigitalOcean cloud hosting IP address space and noticed several running CAS services, which included the General Bytes Cloud service. The hacker then exploited the security vulnerability by uploading a Java application to the application server used by the admin interface.
The founder of General Bytes claimed that the company has had several security audits since 2021, and none of the results showed this vulnerability.
How Much Was Stolen?
Although the company mentioned that the hacker could transfer funds from hot wallets, it did not state the stolen amount.
The company disclosed 41 wallet addresses that were used in the hack. The on-chain record reveals that several transactions were made to one wallet (BC1QFA8), totaling 56 BTC worth over $1 million. Other data shows that multiple transactions totaling $36,000 were made in ETH (21.82 ETH).
What Next?
In the announcement, the founder of General Bytes stated that the company would be halting its cloud services and that users would have to install their own standalone server. He also advised that users’ CAS be kept behind a firewall and VPN.
Lastly, he advised users to treat all their API keys and passwords as compromised and to generate new ones.
Conclusion
Crypto hackers have been unrelenting this year, and news of hacks keeps swarming the crypto industry. General Bytes, the maker of BTC ATMs, announced that it had been hacked and that all hot wallets had been compromised due to a fault not picked up in past security audits.