
Bitcoin ATM maker General Bytes has revealed that an unidentified attacker exploited a zero-day security flaw in its software to steal cryptocurrencies from hot wallets.
“The attackers were able to upload videos and remotely upload their own Java applications through the master services interface used on devices running with ‘batm’ user privileges,” the company said in an advisory published over the weekend.
“The attackers scanned the Digital Ocean cloud hosting IP address space and identified CAS services running on port 7741, including the General Bytes Cloud service and others running servers on Digital Ocean. This includes other GB ATM operators that are
According to the company, the server to which the malicious Java application was uploaded was configured by default to launch the application located in the deployment folder (“/batm/app/admin/standalone/deployments/”).
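As an added illustration (not code from the article or from General Bytes), a small baseline check an operator could run against the hot-deploy folder named above: any .war/.jar/.ear artifact that is not in an operator-maintained allowlist of expected SHA-256 hashes, or whose hash no longer matches, is flagged. The directory path is the one from the advisory; the allowlist and the sample files in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Hot-deploy directory named in the General Bytes advisory. Anything dropped
# here is auto-launched by the server, so its contents deserve an allowlist.
DEPLOYMENTS_DIR = "/batm/app/admin/standalone/deployments/"
DEPLOYABLE_SUFFIXES = {".war", ".jar", ".ear"}


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_deployments(baseline: dict, deploy_dir=DEPLOYMENTS_DIR) -> list:
    """Compare deployable artifacts in deploy_dir against an allowlist.

    baseline maps filename -> expected sha256 (operator-maintained, assumed).
    Returns a list of (filename, reason, observed_sha256) findings; an empty
    list means every deployable artifact is known and unmodified."""
    findings = []
    for entry in sorted(Path(deploy_dir).iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in DEPLOYABLE_SUFFIXES:
            continue  # ignore directories and marker/non-deployable files
        digest = sha256_of(entry)
        expected = baseline.get(entry.name)
        if expected is None:
            findings.append((entry.name, "unexpected artifact", digest))
        elif expected != digest:
            findings.append((entry.name, "hash mismatch", digest))
    return findings


def demo(tamper: bool = False) -> list:
    """Build a constructed deployments folder in a temp dir and audit it.

    With tamper=True the approved artifact is overwritten after the baseline
    was taken, which should surface as a hash mismatch."""
    root = Path(tempfile.mkdtemp())
    approved = root / "admin.war"  # constructed stand-in for an approved app
    approved.write_bytes(b"constructed sample of an approved artifact")
    (root / "unknown.war").write_bytes(b"constructed sample of an unapproved artifact")
    (root / "README.txt").write_bytes(b"not a deployable, must be ignored")
    baseline = {"admin.war": sha256_of(approved)}
    if tamper:
        approved.write_bytes(b"constructed modified content")
    return audit_deployments(baseline, root)
```

Run demo() for a clean baseline with one rogue artifact, or demo(tamper=True) to also see a modified approved artifact reported.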
This gave the attacker access to the database, the ability to read and decrypt the API keys used to access funds in hot wallets and exchanges, send funds from those wallets, download usernames and password hashes, turn off two-factor authentication (2FA), and read the terminal event log.
The company also warned that both its own cloud service and other operators’ standalone servers were compromised in the incident, prompting a shutdown of the affected services.
In addition to urging customers to keep their crypto application servers (CAS) behind firewalls and VPNs, the company recommends rotating all user passwords and API keys across exchanges and hot wallets.
“The CAS security fix will be delivered in two server patch releases, 20221118.48 and 20230120.44,” General Bytes said in an advisory.
The company further emphasized that it has conducted multiple security audits since 2021, none of which flagged the vulnerability. The flaw appears to have been present, unpatched, since version 20210401.
General Bytes did not disclose the exact amount stolen, but an analysis of the cryptocurrency wallets used in the attack found 56.283 BTC (about $1.5 million), 21.823 ETH ($36,500), and 1,219.183 LTC ($96,500).
The ATM hack was the second breach targeting General Bytes in less than a year, with another zero-day flaw in an ATM server being exploited to steal cryptocurrency from customers in August 2022.