General Bytes, the leading manufacturer of Bitcoin ATMs, has revealed that hackers stole cryptocurrency from the company and its customers by exploiting a zero-day vulnerability in its BATM management platform.
General Bytes manufactures Bitcoin ATMs that let people buy or sell more than 40 cryptocurrencies. Its corporate customers can run the ATMs from standalone management servers or from the General Bytes cloud service.
Over the weekend, General Bytes disclosed that the attackers exploited the zero-day vulnerability, tracked as BATM-4780, to upload a malicious Java application through the ATM's master service interface.
Explaining how the breach occurred, General Bytes said: “The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on port 7741, including the General Bytes cloud service.”
In response to the incident, the company issued an emergency statement on Twitter asking customers to “take immediate measures” to install the latest updates in order to protect their servers and funds from cybercriminals.
According to the firm’s official statement on Twitter, after uploading the malicious Java application the attackers were able to perform the following actions on compromised devices:
- Access the database
- Read and decrypt the API keys used to access cryptocurrency funds and exchanges
- Transfer cryptocurrency funds
- Download user names and password hashes, and disable 2FA
- Access terminal event logs and search for instances where customers scanned private keys at the ATM
The company emphasized that its own cloud service was compromised in the same way as the standalone servers of other operators.
General Bytes also published a long list of cryptocurrency addresses the attackers used during the incident. According to the company, the cybercriminals stole cryptocurrency from Bitcoin ATM servers on March 17, netting 56.28570959 BTC worth approximately $1,589,000 and 21.79436191 ETH worth approximately $39,000.
Although the attackers’ Bitcoin wallet still holds the stolen bitcoin, they appear to have used Uniswap to convert the stolen Ethereum into USDT.
General Bytes has recommended that Crypto Application Server (CAS) operators scrutinize their log files for malicious activity and that users change the passwords on their cryptocurrency accounts. The company stated that it will shut down its cloud service because it believes it is “theoretically and almost impossible” to safeguard it against