In an official announcement, General Bytes, Bitcoin automated machine (ATM) maker, has accepted a security breach incident during the weekends. The firm suspects the incident to be between Friday and Saturday giving hackers access to its database.
The hacker uploaded his java application remotely through the master service interface and ran it using the Bitcoin ATM user privileges. The firm also took to Twitter to share the news and has described this breach severity as “highest.”
In its press release, General Bytes said the incident enabled the attacker to access funds in hot wallets and exchanges, send funds from hot wallets, steal usernames and passwords, and turn off two-factor authentication. A hot wallet refers to a virtual currency wallet that is accessible online, and it facilitates cryptocurrency transactions between the owner and end-users. It added that its cloud services were breached alongside other operators’ standalone servers.
The company also cautioned its customers and urged users to act immediately to protect their funds and personal information and abide by the provided guidelines. It wrote:
We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin listed here.
However, the amount of information the attacker stole is still unclear. Meanwhile, the company said it shut down its cloud services temporarily as a precaution. The firm’s ATMs in the United States have also been reportedly shuttered. According to on-chain data, a wallet used in the attack holds 56 Bitcoins worth over $1.5 million which was received around the time of the attack. Etherscan data showed that the attacker also moved around 21.79 Ethereum ($39,043) through Uniswap decentralized exchange (DEX).
As per General Bytes, other wallets used by the hacker during the attack belonged to digital assets like Ripple (XRP), Binance USD (BUSD), Cardano, DAI, DogeCoin, Shiba Inu, Tron, etc. Similar to the data breach, the total amount of crypto stolen remains unclear. The firm has released a security fix for the incident and has urged users to implement the fix.
According to General Bytes, users must upgrade their servers and invalidate all passwords, API keys, and hot wallets. However, this is not the first the company has experienced a breach.
In August last year, the company reported a hack that led to the theft of deposited Bitcoins at ATMs. At the time, the company said around $16,000 were stolen by the hackers. Meanwhile, General Bytes is one of the top Bitcoin ATM manufacturers. The company has sold over 15,000 machines in more than 149 countries.
A few days back, the biggest hack of the year took place as a financial company suffered a security breach. Hackers stole almost $195 million in a flash loan assault from the decentralized finance (DeFi) platform Euler Finance, making it the biggest attack of 2023 thus far. The thieves moved the stolen money to two new wallets, one of which contained DAI tokens and Ethereum (ETH) stablecoins.
Crypto hacks have been troubling investors, industry participants, and regulators across the globe. According to data reported by Todayq News, the crypto industry lost $3.9 billion in the previous year. Amongst these losses, hacks were found to be the main causes, accounting for 95.6% of the total, and the rest, 4.4%, comprising fraud, scams, and rug pulls.