Bitcoin ATM maker General Bytes has revealed that an unidentified attacker exploited a zero-day security flaw in its software to steal cryptocurrencies from hot wallets.
“The attacker was able to remotely upload their own Java application through the master service interface that the device uses to upload videos and run with ‘batm’ user privileges. Said In an advisory released over the weekend.
โThe attackers scanned the Digital Ocean Cloud hosting IP address space and identified a CAS service running on port 7741, including the General Bytes Cloud service and others running servers on Digital Ocean. This includes other GB ATM operators that are
According to the company, the server to which the malicious Java application was uploaded was configured by default to launch the application located in the deployment folder (“/batm/app/admin/standalone/deployments/”).
By doing so, the attacker gained access to the database. Read and decrypt API keys used to access funds in hot wallets and exchanges. Send funds from your wallet; download username and password hashes and turn off two-factor authentication (2FA). You can also access your device’s event log.
It also warned that as a result of this incident, its own cloud services and other operators’ standalone servers were compromised, leading to the shutdown of the services.
In addition to encouraging customers to keep their cryptographic application servers (CAS) behind firewalls and VPNs, we also recommend rotating all user passwords and API keys across exchanges and hot wallets.
“The CAS security fix will be delivered in two server patch releases, 20221118.48 and 20230120.44,” General Bytes said in an advisory.
The company further emphasized that it has conducted multiple security audits since 2021, none of which have flagged the vulnerability. It doesn’t appear to have been patched since version 20210401.
Discover the hidden dangers of third-party SaaS apps
Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions granted and how to minimize the risks.
General Bytes has not disclosed the exact amount the hackers stole, but analysis of the cryptocurrency wallets used in the attack reveals: 56.283 BTC ($1.5 million), 21.823 Ethereum ($36,500), and 1,219.183 LTC ($96,500).
The ATM hack was the second breach targeting General Bytes in less than a year, with another zero-day flaw in an ATM server being exploited to steal cryptocurrency from customers in August 2022.
