Analyzing GENERAL BYTES Bitcoin ATM Maker Breach and Protecting Yourself

Bitcoin ATM maker GENERAL BYTES has announced that it has experienced a security incident of the highest severity. According to the company, the attacker was able to identify a security vulnerability in the master service interface used by Bitcoin ATMs to upload videos to the server.

This vulnerability allowed the attacker to read and decrypt API keys used to access funds in hot wallets and exchanges.

The attacker was able to upload a Java application remotely via the master service interface used by terminals to upload videos, and to run it with the privileges of the batm user. This gave them access to the database, the ability to send funds from hot wallets, and the ability to download user names and their password hashes. Additionally, the attacker was able to turn off two-factor authentication and access terminal event logs.

The incident affected older versions of the ATM software that were logging customers' private key information. GB has advised customers to inspect their master.log and admin.log files for time gaps during which the server logged nothing, which is a certain indicator of an attack. Customers should also look for suspicious content in /batm/app/admin/standalone/deployments/ and assume that their user passwords and API keys have been compromised.
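One way to script the log-gap check described above, as an added example that is not GENERAL BYTES' own tooling; it assumes a `YYYY-MM-DD HH:MM:SS` timestamp prefix and runs over constructed sample lines, so adjust the regex to the actual layout of your master.log and admin.log:

```python
import re
from datetime import datetime, timedelta

# Assumed timestamp prefix for this demonstration; the real master.log /
# admin.log layout is not shown in the write-up, so adapt the pattern.
TIMESTAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def find_logging_gaps(lines, threshold=timedelta(minutes=10)):
    """Return (start, end, gap) tuples for consecutive timestamped entries
    that are more than `threshold` apart, i.e. periods with no logging."""
    gaps = []
    prev = None
    for line in lines:
        m = TIMESTAMP_RE.match(line)
        if not m:
            continue  # continuation lines, stack traces, noise
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if prev is not None and ts - prev > threshold:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps


# Constructed sample lines in the assumed format, not real GB log output.
SAMPLE_LOG = """\
2022-08-18 01:00:03 INFO  terminal heartbeat ok
2022-08-18 01:05:11 INFO  video upload received
2022-08-18 01:10:42 INFO  terminal heartbeat ok
2022-08-18 03:47:19 INFO  terminal heartbeat ok
2022-08-18 03:52:30 INFO  terminal heartbeat ok
""".splitlines()

if __name__ == "__main__":
    # Expect one gap of 2:36:37 between 01:10:42 and 03:47:19
    for start, end, gap in find_logging_gaps(SAMPLE_LOG):
        print(f"no logging for {gap} between {start} and {end}")
```

Run it against the real files with `find_logging_gaps(open("/batm/app/admin/standalone/log/master.log"))` or whatever path your installation uses, and review every reported window alongside the deployments directory contents.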

The company has recommended that customers generate new API keys and invalidate the old ones, change all user passwords, and install their own Standalone server. GB has stated that it is shuttering its Cloud service, as it is impossible to secure a system that grants access to multiple operators at the same time when some of them are bad actors. GB support will help customers migrate their data from the GB Cloud to their own Standalone server.

In conclusion, GB has experienced a significant security incident that has compromised customer information and API keys. Customers should take immediate action to protect themselves by regenerating API keys, changing passwords, and installing their own Standalone server. The incident highlights the importance of security measures in the cryptocurrency industry, and the need for constant vigilance against attackers.

