General Bytes

Crypto ATM Numbers Drop by 13.91% Since December 2022, Over 3,600 Went Offline in March

According to data from the cryptocurrency automated teller machine (ATM) aggregation website Coin ATM Radar, over 3,600 crypto ATMs went offline in March. Since the end of 2022, the number of crypto ATMs has declined by 13.91% in the last three months. Crypto ATM Numbers Decline in 2023 According to data from Coin ATM Radar, […]

Paypal Partnership Allows US-Based Moonpay Users to Buy Crypto With Their Paypal Accounts

Bitcoin ATM maker to refund customers impacted by zero-day hack

General Bytes has implemented several measures in the wake of the hack, including offering to reimburse its cloud-hosted customers and adding new security measures.

Bitcoin ATM manufacturer General Bytes says it is reimbursing its cloud-hosted customers that lost funds in a "security incident" in March that saw its customers' hot wallets accessed.

As previously reported by Cointelegraph, the ATM manufacturer issued a statement about a security incident on March 17 and March 18, which involved a hacker remotely uploading a Java application into its terminals and gaining access to sensitive information, such as passwords, private keys and funds from hot wallets.

In a recent statement to Cointelegraph, the ATM manufacturer said it has since been moving swiftly to "address the situation" and has made the decision to refund its "cloud-hosted customers who have lost funds."

"We have taken immediate steps to prevent further unauthorized access to our systems and are working tirelessly to protect our customers," General Bytes said in a statement.

It was understood that the hack led to at least 56 BTC, worth over $1.5 million at current prices, and 21.82 ETH, $37,000 at current prices, being deposited into wallets connected to the hacker.

According to General Bytes, it has thoroughly assessed the damages from the hack and has been "working tirelessly" to improve security measures and prevent similar incidents from happening again.

General Bytes told affected customers to implement new security measures after the hack. Source: General Bytes

Along with the reimbursement for affected customers, the ATM manufacturer has also said it is encouraging all customers to migrate to a self-hosted server installation, where they can effectively secure their server platform using a VPN.

"We are investing heavily in additional human resources to assist our clients in migrating their existing infrastructure to a self-hosted server installation."

According to General Bytes, the hack did not affect most ATM operators using self-hosted server installations "as these customers employ VPN technology to protect their infrastructure."

Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

The ATM manufacturer first warned customers about the hacker in a March 18 patch release bulletin. As a result of the security breach, General Bytes shuttered its cloud services.

"General Bytes takes the security of our customers' funds and data very seriously. We apologize for any inconvenience caused and remain committed to serving our customers with integrity and professionalism."

The company is based in Prague and according to its website has sold over 15,000 Bitcoin (BTC) ATMs to purchasers in over 149 countries all over the world.

Bitcoin ATM maker shuts cloud service after user hot wallets compromised

Bitcoin ATM manufacturer General Bytes said a hacker was able to install and run a Java application in its terminals that could access user information and send funds from hot wallets.

Bitcoin ATM manufacturer General Bytes has shuttered its cloud services after discovering a “security vulnerability” that allowed an attacker to access users' hot wallets and gain sensitive information, such as passwords and private keys.

The company is a Bitcoin (BTC) ATM manufacturer based in Prague, and according to its website, has sold over 15,000 ATMs to over 149 countries all over the world.

In a March 18 patch release bulletin, the ATM manufacturer issued a warning explaining that a hacker has been able to remotely upload and run a Java application via the master service interface into its terminals aimed at stealing user information and sending funds from hot wallets.

General Bytes founder Karel Kyovsky explained in the bulletin that this allowed the hacker to achieve the following:

  • "Ability to access the database.
  • Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
  • Send funds from hot wallets.
  • Download user names, their password hashes and turn off 2FA.
  • Ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM. Older versions of ATM software were logging this information."

The notice reveals that both General Bytes' cloud service and other operators' standalone servers were breached.

“We’ve concluded multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.

Hot wallets compromised

Though the company noted that the hacker was able to “Send funds from hot wallets,” it did not disclose how much was stolen as a result of the breach.

However, General Bytes released the details of 41 wallet addresses that were used in the attack. On-chain data shows multiple transactions into one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.

General Bytes released the details of 41 wallet addresses used in the attack. Source: General Bytes

Another wallet shows multiple Ether (ETH) transactions, with the total received amounting to 21.82 ETH, worth roughly $36,000 at current prices.

Cointelegraph reached out to General Bytes for confirmation but did not receive a reply before publication.

Related: Bitcoin ATM decline: Over 400 machines went off the grid in under 60 days

The company has urgently advised BTC ATM operators to install their own standalone server and released two patches for their Crypto Application Server (CAS), which manages the ATM's operation.

General Bytes is a Bitcoin ATM manufacturer based in Prague that has sold over 15,000 ATMs worldwide. Source: General Bytes

"Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN," Kyovsky wrote.

"Additionally consider all your user's passwords, and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & password."

General Bytes previously had its servers compromised via a zero-day attack in September last year that enabled hackers to make themselves the default administrators and modify settings so that all funds would be transferred.

Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over $1.5M in Bitcoin Stolen

General Bytes experienced a security incident on March 17 and 18 that enabled a hacker to remotely access the master service interface and send funds from hot wallets, according to the company and sources. The breach forced a majority of U.S.-based crypto automated teller machine (ATM) operators to temporarily shut down. The hacker was able […]

Study: 6,100 Crypto ATMs Installed in 2022, Figure 3 Times Less Than in Previous Year

New data has shown that as many as 6,100 crypto and bitcoin automated teller machines were installed in the first eleven months of 2022. The latest figure is approximately three times less than the ATMs that were installed in 2021. The data shows that the United States, which has over 34,000 crypto ATMs, accounts for […]

Bitcoin ATM Company Targeted by Hackers Exploiting Zero-Day Bug: Report

Bad actors have reportedly compromised the servers of a Bitcoin (BTC) ATM manufacturer, enabling them to redirect crypto assets to their own wallets. According to a new report by BleepingComputer, crypto ATMs owned by General Bytes have been exploited by hackers who remotely created an admin user account for the company’s Crypto Application Server (CAS). […]

The post Bitcoin ATM Company Targeted by Hackers Exploiting Zero-Day Bug: Report appeared first on The Daily Hodl.

The Number of Cryptocurrency ATMs Installed Worldwide Surpasses 39,000

This week the number of cryptocurrency automated teller machines (ATMs) operating worldwide has surpassed the 39,000 mark. Since January 2017 when the count was approaching 1K machines, the number of crypto ATMs has grown by 3,925% since then. Crypto ATM numbers saw exponential growth during the last 23 months since September 1, 2020, when there […]

Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes

Kraken has urged BATMTwo ATM owners and operators to change the admin QR code for their ATMs to avoid potential attacks.

Kraken Security Labs has said that a “large number” of Bitcoin ATMs are vulnerable to hacking as the administrators never changed the default admin QR code.

In a Sept. 29 blog post, Kraken posted research from its Security Labs team which found that there are “multiple hardware and software vulnerabilities” in the General Bytes BATMTwo ATM range.

“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine,” the post read.

Kraken’s security team stated that if a hacker gets their hands on the administrative code, they can essentially “walk up to an ATM and compromise it,” while also highlighting issues with the BATMTwo’s lack of secure boot mechanisms, as well as “critical vulnerabilities” in the ATM’s management system. However, General Bytes has reportedly already alerted ATM owners to the vulnerabilities:

“Kraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions.”

The team also found that it was able to gain full access to the Android operating system behind the BATMTwo ATM by simply attaching a USB keyboard to the machine, and warned that “anyone” could “install applications, copy files or conduct other malicious activities.”

General Bytes is headquartered in the Czech Republic and, according to Coin ATM Radar, there are currently 6391 General Bytes ATMs installed worldwide, which represents 22.7% of the global market. However, those figures also account for BATMThree machines which weren’t reported on by Kraken.

The majority of the BATM ATMs are located in the U.S. and Canada, with a combined figure tallying in at around 5300, while Europe has around 824 ATMs installed.

Kraken is calling on BATMTwo owners and operators to change the default QR admin code, update the CAS server and place the ATMs in visible locations for security cameras.

Related: El Salvador ranks third in global Bitcoin ATM installations, data finds

Bitcoin ATM scams

While reports of hacked Bitcoin ATMs appear to be minimal, there is a history of crafty individuals building scams around crypto ATMs.

In March of 2019, the Toronto Police issued a public statement calling on the community to locate four men suspected of carrying out a series of “double-spending” transactions that fetched $150,000 worth of funds over a 10-day window. Double spending consists of canceling transactions before the ATM has had a chance to confirm but keeping the dispensed cash.

The Oakland Press reported on June 22 of this year that two women from Berkley were scammed out of a combined $15,000 after fraudsters posed as public safety officers and federal employees. The scammers reportedly told the victims that they had outstanding warrants and tax violations, and ordered them to pay fines via local Bitcoin ATMs in the area.

And Malwarebytes posted research in August which uncovered a trend of gas station Bitcoin ATM scams in which threat actors would post fake job listings to dupe applicants into money laundering.
