The ATM maker shuttered its cloud services to limit further compromise of sensitive user information.
Bitcoin ATM maker General Bytes has reportedly lost BTC worth about $1.5 million to a crypto hack. The company reported a security incident between March 17 and 18 that allowed unauthorized access to compromising user information.
According to the press release, the attacker gained remote access to the entire database, API keys, hot wallets, user names and passwords. Consequently, the attacker could also turn off 2-factor authentication and access terminal event logs showing customers who may have scanned their private keys at any Bitcoin ATM. This compromised hot wallets allowing the hacker to siphon tokens into other wallet addresses. The hack also compromised General Bytes’ cloud services.
Following the hack, the Bitcoin ATM maker released 41 wallet addresses used in the hack. One of the wallet addresses received 56 BTC, equalling about $1.5 million. Another wallet address also received about 21.82 ETH, which is over $39,000 at current prices.
General Bytes’ Response
Following the security incident, the ATM maker shuttered its cloud services to limit further compromise of sensitive user information. The company also issued a security advisory to all operators and users of its ATMs worldwide. The advisory included instructions on how operators could confirm breaches on their systems and how to fix the breaches.
Again, the Bitcoin maker advised BTC ATM operators to install their standalone server, releasing two security patches for the Crypto Application Server (CAS).
Also, the firm has extended an open invitation to multiple security firms to audit its systems again. The firm noted that it had completed multiple security audits since 2021. “None of them identified this vulnerability,” it said.
The firm believes that having multiple audits by multiple companies may help forestall similar situations in the future. All interested security firms will be required to spend a short time at the Prague offices to review the ATMs physically.
Developing a Holistic Security Strategy
While smart contracts and private keys may be the most common way for crypto hacks, they are not the only threats. The crypto hack, once again, underscores the importance of developing a comprehensive security approach for the blockchain ecosystem. Such an approach will address attacks at all blockchain endpoints and levels within the ecosystem.
An experienced writer with practical experience in the fintech industry. When not writing, he spends his time reading, researching or teaching.