Bitcoin ATM maker shuts cloud service after user hot wallets compromised

Bitcoin ATM manufacturer General Bytes has shuttered its cloud services after discovering a “security vulnerability” that allowed an attacker to access users’ hot wallets and gain sensitive information, such as passwords and private keys.

The company is based in Prague and, according to its website, has sold over 15,000 Bitcoin ATMs to purchasers in over 149 countries.

In a March 18 patch release bulletin, the ATM manufacturer warned that a hacker had been able to remotely upload and run a Java application on its terminals via the master service interface, with the aim of stealing user information and sending funds from hot wallets.

General Bytes founder Karel Kyovsky explained in the bulletin that this allowed the hacker to achieve the following:

  • “Ability to access the database.
  • Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
  • Send funds from hot wallets.
  • Download user names, their password hashes and turn off 2FA.
  • Ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM. Older versions of ATM software were logging this information.”

The notice reveals that both General Bytes’ cloud service and other operators’ standalone servers were breached.

“We’ve concluded multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.