General Bytes ATMs Hacked, Hackers Exploit Zero-day Vulnerability

Leading Bitcoin ATM manufacturer General Bytes recently disclosed that hackers stole cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform. Here’s what we know about the incident.

Exploited zero-day vulnerability

Hackers exploited a zero-day vulnerability tracked as BATM-4780 to remotely upload a Java application via the ATM’s master service interface and run it with ‘batm’ user privileges.

After uploading the Java application, the threat actors gained access to the database, API keys, and hot wallets of compromised devices, as well as user names and password hashes.

Breached customers and cloud service

General Bytes warned that its customers and its own cloud service were breached during the attacks. The company urged customers to install the latest updates to protect their servers and funds from attackers. The company also provided a list of cryptocurrency addresses used by the hacker during the attack.

Shuttering cloud service and releasing security fix

General Bytes announced that it is shuttering its cloud service because it finds it “theoretically (and practically) impossible” to secure it from bad actors while providing access to multiple operators.

The company will provide support with data migration to those who would like to install their own standalone CAS behind a firewall and VPN. The company has also released a CAS security fix that addresses the exploited vulnerability.

Multiple security audits planned

General Bytes had a security incident in August 2022, and the company plans to conduct numerous security audits of its products by multiple companies in a short period to discover and fix other potential flaws before bad actors find them.

Although the company disclosed how much money the attacker stole, they provided a list of cryptocurrency addresses used by the hacker during the attack.

The importance of timely updates

This recent hack underscores the importance of timely updates for software and systems that deal with sensitive information and transactions.

As General Bytes explained in its security incident disclosure, the attackers were able to exploit a zero-day vulnerability in its BATM management platform. A zero-day vulnerability is a software vulnerability that is unknown to the vendor or manufacturer, making it difficult to patch or fix until it is discovered and disclosed.

In this case, the company had released a patch for the vulnerability before the attack occurred. However, some customers had not updated their systems in time, leaving them vulnerable to attack.

This incident highlights the need for companies and individuals to stay up-to-date with security patches and software updates. Failing to do so can leave systems and data vulnerable to attack, putting both the company and its customers at risk.

General Bytes’ response

General Bytes has taken swift action in response to the hack. The company has released patches to fix the exploited vulnerability and has provided detailed instructions for customers on how to protect their systems.

In addition, the company is shuttering its cloud service, which it says is “theoretically (and practically) impossible” to secure from bad actors. Instead, General Bytes is encouraging customers to install their own standalone CAS behind a firewall and VPN.

General Bytes has also pledged to conduct numerous security audits of its products by multiple companies in a short period to discover and fix other potential flaws before bad actors find them.

The General Bytes ATM hack highlights the ongoing threat of cyber attacks on cryptocurrency systems and the need for companies and individuals to take proactive steps to protect their systems and data.

By staying up-to-date with security patches and software updates, companies can reduce the risk of a successful attack. And by conducting regular security audits, companies can identify and fix vulnerabilities before bad actors can exploit them.

As the use of cryptocurrency continues to grow, it is essential that companies and individuals take cybersecurity seriously to protect themselves and their customers from the growing threat of cyber attacks.