"Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes"

Cryptocurrency ATM manufacturer General Bytes recently disclosed a security incident that resulted in the theft of millions of dollars' worth of funds. The company said that the attackers exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with user privileges. The company noted that the attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on port 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean.

The code execution gave the attackers access to the database and to the API keys used to access funds in hot wallets and exchanges. The attackers were then able to transfer funds from hot wallets, steal account usernames and password hashes, and disable two-factor authentication. The company noted that the attackers gained the “ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM,” information that was logged by older versions of ATM software.

The crypto ATM maker released a CAS security fix and urged customers to consider all user passwords and API keys to exchanges and hot wallets as being compromised and to change them. While General Bytes did not share information on the number of impacted ATM operators and users, transaction logs show that the attackers stole roughly $1.5 million in Bitcoin (around 56 BTC) from roughly 15 operators. Funds were stolen in dozens of other cryptocurrencies as well. The company said that, despite several security audits conducted since 2021, the vulnerability exploited in this attack was not identified prior to the incident.

 

SecurityWeek reports: "Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes"

Submitted by Anonymous on