• General Bytes, a leading cryptocurrency ATM manufacturer reported it was recently hacked.
• The firm tracked that the hacker involved has reportedly made away with $1.5 million worth of Bitcoin (BTC). 

The week before saw a handful of traditional banks take a massive hit in the United States. This time, crypto seems to have been hit with its own fair share of pushbacks, as a leading global cryptocurrency ATM manufacturer recently got exploited by hackers.

General Bytes, one of the world’s leading cryptocurrency automated teller machine (ATM) manufacturers, experienced a security breach on the 17th and 18th of March.

The hacker went on to liquidate 56.28 Bitcoins, which was valued at a staggering $1.5 million at the time of the attack. The stolen Bitcoins were taken from cryptocurrency ATM operators in the United States. The number of affected operators sitting between 15 and 20. A significant number of ATM operators in the country were forced to shut down briefly.

On the 28th of March, a day after the incident, the firm took to Twitter to inform the public about the incident. The firm notified that a statement has been released, informing customers to ensure that their personal information as well as their funds, are safe.

“On March 17-18th, 2023, GENERAL BYTES experienced a security incident. We released a statement urging customers to take immediate action to protect their personal information.We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.” The company wrote in a tweet.

General Bytes details how customers can spot a server breach

In the bulletin, the company explained that the attacker succeeded in uploading his own Java application remotely. This was done using the master service interface which is typically utilized by terminals, to upload and run videos using batm user privileges.

This would later result in gaining access to certain information that would have otherwise been private. The hacker gained the ability to access the database. The data was also able to read and decrypt API keys that are typically used to access funds in hot wallets and exchanges.

Additionally, the hacker could send funds from hot wallets, as well as download user names, their password hashes and switch off their two factor authentication. The hacker could also access terminal event logs and scan for any instance where customers canned private key at the ATM. The bulletin also outlined the steps users could take to find out if your server was breached.

“Investigate your master.log and admin.log files and look for time gaps that your server wasn’t logging anything. Typically you will only see one day of events. The attacker was deleting these logs to conceal his activity. This is a certain indicator of attack.” The bulletin explained.