Hacker Breaches Crypto ATM Maker General Bytes, Takes 56 Bitcoins
JAKARTA - On March 17 and 18, 2023, General Bytes, the world's largest maker of crypto automated teller machines (ATMs), experienced a security incident that allowed a hacker to remotely access the main service interface and send funds from a hot wallet.
For context, a hot wallet is a type of digital wallet, in the form of an application connected to the internet, that is used to store crypto in the short term. Because they are connected to the internet, hot wallets can process transactions quickly and easily.
The incident forced most crypto ATM operators in the US to temporarily shut down their services. Hackers managed to take 56.28 bitcoins, worth about 1.5 million US dollars (Rp23 billion), from around 15 to 20 crypto ATM operators across the country.
On Saturday, March 18, the company issued a statement urging customers to take immediate action to protect their personal funds and information and to read the security bulletin.
Regarding the incident, General Bytes stated that hackers could remotely upload their own Java application through the main service interface, which terminals normally use to upload videos.
Hackers reportedly gained BATM user privileges and could also access the database, and read and decrypt the API keys used to access funds in hot wallets and on exchanges. In addition, hackers could download usernames, access password hashes, turn off 2FA, and send funds from hot wallets.
Although the company will move crypto ATM operators to its own hosted servers, the incident has been very damaging. A US crypto ATM operator interviewed by Bitcoin.com News confirmed that all US operators using General Bytes machines have shut down across the country. According to reports, servers have to be built from scratch, which could be a long process.
Hackers managed to steal 56.28 bitcoins, worth around Rp23 billion, as well as dozens of other cryptocurrencies such as ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. Several of the digital currencies were transferred to different locations, and a small part was sent to the Uniswap decentralized exchange (DEX) platform.
This is not the first incident experienced by General Bytes. Bitcoin.com News reported that the company had an earlier security problem on August 18, 2022.
Hackers at the time used a zero-day attack to "make admin users remotely through the CAS administration interface via a URL call on the page used for the default installation on the server and create the first administrative user." However, no security flaws had been found in a series of company security audits since 2021 until this incident occurred.