Bitcoin ATM Manufacturer Suffers Attack

March 31, 2023

INCIDENT

General Bytes, a manufacturer of Bitcoin ATMs, disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds. Attackers stole cryptocurrency from the company and its customers by exploiting a zero-day vulnerability in its BATM management platform.
General Bytes described the March 17-18 incident as follows:
The attacker identified a security vulnerability in the master service interface used by Bitcoin ATMs to upload videos to the server.
The attacker scanned the Digital Ocean cloud hosting IP address space and identified running Crypto Application Server (CAS) services on port 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider).
Using this security vulnerability, the attacker uploaded his own application directly to the application server used by the admin interface. The application server was by default configured to start applications in its deployment folder.
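
Because the application server started whatever was placed in its deployment folder, operators benefit from knowing exactly what that folder contains. The Python sketch below is an added example, not General Bytes code: it hashes a deployment folder and reports files that were added, removed or changed relative to a trusted baseline. The directory and file names are constructed for the demo; the real folder path is not given on this page.

```python
import hashlib
import os
import tempfile


def snapshot(deploy_dir):
    """Map each file under deploy_dir (relative path) to its SHA-256 digest."""
    digests = {}
    for root, _dirs, files in os.walk(deploy_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, deploy_dir)] = digest
    return digests


def audit(baseline, current):
    """Compare a trusted baseline snapshot with the current snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the deployment folder.
    with tempfile.TemporaryDirectory() as deploy:
        with open(os.path.join(deploy, "admin.app"), "wb") as fh:
            fh.write(b"vendor build")  # hypothetical legitimate application
        baseline = snapshot(deploy)    # taken right after a known-good install

        # An application appears that the operator never deployed.
        with open(os.path.join(deploy, "unexpected.app"), "wb") as fh:
            fh.write(b"unknown contents")

        report = audit(baseline, snapshot(deploy))
        for kind, paths in report.items():
            for p in paths:
                print(f"ALERT {kind}: {p}")
```

Store the baseline somewhere the application server cannot write to, so a process that can drop files into the folder cannot also update the baseline.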

Incident Date

March 17, 2023

Estimated Cost

It is believed the attack resulted in at least 56 Bitcoin (BTC) worth over $1.5 million and 21.82 Ether (ETH) worth $37,000 being sent to wallets associated with the hacker.

Victims

Type of Malware

No malware identified

Threat Source

No threat source identified