reports that major Bitcoin ATM manufacturer General Bytes
has lost more than $1.6 million worth of cryptocurrency following a cyberattack exploiting a zero-day flaw in its bitcoin ATM management platform between March 17 and 18.
Attackers leveraged the vulnerability, tracked as BATM-4780, to enable the upload of a Java application, which then facilitated database access, API key access and decryption, hot wallet fund transfers, user credential downloads, and two-factor authentication deactivation, as well as terminal event log access, according to General Bytes, which emphasized that both its customers and cloud service were compromised as a result of the attack.
Nearly $1.589 million in Bitcoin and almost $39,000 in Ethereum had been taken from General Bytes, with the stolen Ethereum converted to USDT.
Meanwhile, the attack has prompted General Bytes to urge immediate upgrades for Crypto Application Server admins as it shuts down its cloud service due to challenges in securing the service from threat actors.