Threat Management, Vulnerability Management

More than $1.6M stolen in General Bytes hack

Share
BleepingComputer reports that major Bitcoin ATM manufacturer General Bytes has lost more than $1.6 million worth of cryptocurrency following a cyberattack exploiting a zero-day flaw in its bitcoin ATM management platform between March 17 and 18. Attackers leveraged the vulnerability, tracked as BATM-4780, to enable the upload of a Java application, which then facilitated database access, API key access and decryption, hot wallet fund transfers, user credential downloads, and two-factor authentication deactivation, as well as terminal event log access, according to General Bytes, which emphasized that both its customers and cloud service were compromised as a result of the attack. Nearly $1.589 million in Bitcoin and almost $39,000 in Ethereum had been taken from General Bytes, with the stolen Ethereum converted to USDT. Meanwhile, the attack has prompted General Bytes to urge immediate upgrades for Crypto Application Server admins as it shuts down its cloud service due to challenges in securing the service from threat actors.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.