Security Breach at Bitcoin ATM Maker: General Bytes Closes Cloud Service Amid Vulnerability – Here's What Happened

cryptonews.com:

Major Bitcoin ATM manufacturer General Bytes has experienced a security breach that led to $1.5 million worth of BTC stolen from a number of its crypto ATM operators. 

In a recent blog post, General Byes founder Karel Kyovsky said that a hacker was able to upload their own Java application onto the company's bitcoin ATMs, which allowed them to read and decrypt API keys to access funds on exchanges and hot wallets.

This resulted in the attacker gaining the ability to access the database, download user names and passwords, turn off two-factor authentication, and scan terminal event logs for instances when customers scanned private keys in the ATM, Kyovsky said. 

“We released a statement urging customers to take immediate action to protect their personal information,” the company explained in a Twitter post. “We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin."

Meanwhile, on-chain data shows a wallet used in the attack holds 56 BTC, worth over $1.5 million, which was received around the time of the attack. Etherscan data showed that the attacker also moved around 21.79 Ethereum ($39,043) through Uniswap decentralized exchange (DEX).

General Bytes added that other wallets used by the hacker during the attack belonged to digital assets like XRP, BUSD, Cardano, DAI, DogeCoin, Shiba Inu, Tron, etc.

General Bytes announced that both its cloud service and standalone servers were compromised. As a result, the company is closing down its cloud service. It said:

“It is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors. You’ll need to install your own