General Bytes Bitcoin ATMs Face a Data Breach — 1.6 Million Stolen

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Bitcoin ATM manufacturer General Bytes recently suffered a significant data breach, exposing the personal and financial information of its customers.

The attack, which occurred on March 17, was caused by a vulnerability in the company’s remote support software. This resulted in the hacker gaining a significant amount of control over

The attackers were able to upload a rogue java application via the master service interface used by terminals to upload videos. This allowed them to gain full database access, read and decrypt API keys used to access funds in hot wallets and exchanges, send funds from hot wallets,

download user names and password hashes, and disable two-factor authentication. The breach affected General Bytes’ cloud service as well as other operators’ standalone servers.

General Bytes has urged its users to monitor their accounts for unauthorized activity and to change their passwords as a precautionary measure. They have also recommended updating to the latest version of their remote support software. The company has launched an investigation into the breach and implemented additional measures to prevent future incidents.

While the breach did not compromise any cryptocurrency stored in the ATMs, it has caused concern among the company’s clients and the wider cryptocurrency community, which relies on the ATMs in order to trade.

In a separate incident, a zero-day vulnerability in General Bytes’ Bitcoin ATMs’ software allowed hackers to steal approximately $1.6 million worth of assets from hot wallets. The attackers leveraged a flaw in the terminals’ master service interface to upload a rogue java application remotely.

The vulnerability granted the hackers several privileges, including full database access, the ability to read and decrypt hot wallets and exchange API keys, and the ability to disable two-factor authentication.

Despite the company having run several security audits since 2021, the vulnerability went undetected. General Bytes included an extensive list of crypto addresses and IP addresses used by the attackers in their security advisory. The report also includes detailed information to help operators establish whether their server was breached, as well as a series of mitigation recommendations.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment