Hot Wallets Exploits Push This Crypto ATM Maker To End Cloud Service

2023-3-21 17:30

One of the challenges of the crypto industry is cybercrime. These nefarious activities come in diverse strategies such as network hacks, phishing, exploits, etc. 2022 was one of the worst years for the industry as many projects and DeFi protocols recorded massive losses to bad actors. 

This year, 2023, has also seen vast exploits, including the most recent Euler Finance hack. Another exploit has just pushed a Bitcoin ATM maker, General Bytes, to shut down its cloud services.

The attackers compromised many users’ hot wallets and stole private keys, passwords, etc., stealing crypto assets. The attackers were able to breach the company’s cloud services and other operators’ standalone servers. 

Bitcoin ATM General Bytes Loses Funds To Hackers

General Bytes hasn’t disclosed the total amount of funds the attackers stole from users’ hot wallets but it has shared details of how the exploit happened. The hacker first uploaded and ran a Java application into Bytes’ terminals through the master service interface. The aim was to steal users’ information and send funds from their wallets. 

The company sent a patch release bulletin, warning users of the discovery. Also, General Bytes founder Karel Kyovsky revealed that gaining access to Bytes’ terminals enabled hackers to access the company’s database. It also allowed them to read and decrypt API keys to access funds in hot wallets and exchanges.

Furthermore, the hackers downloaded users’ password hashes and their user names, turned off 2-factor authentication, and even sent out funds from hot wallets. The bad actors could also access event logs at the terminals to identify private keys scanned at the company’s ATMs, especially the older versions that keep such logs. 

Notably, Kyovsky revealed that the firm conducted security audits multiple times in 2021. However, none of the audits discovered this vulnerability. 

General Bytes Moves To Protect Crypto Users

So far, General Bytes has identified and shared details of the 41 wallets used in the attack. One of the wallets received multiple transactions and ended with 56 BTC worth $1.54 million. A second wallet received many ETH transactions, up to 21.82 ETH, worth almost $36,000 at market price.

The press bulletin also shared some steps users can take to protect themselves from losing everything. First, General Bytes mandates ATM operators to install standalone servers. It released two patches for its Crypto Application Server (CAS) managing the ATM operations.

Kyovsky further advised operators to keep the CAS behind a VPN and firewall; the Terminals should only connect CAS through a VPN. Regarding the passwords and API keys, the founder asked the operators to invalidate them and create new ones since they were compromised. 

To the experts and security companies, ATM maker stated it aims to conduct many independent security audits and requires the help of any firm that could help.

Featured image from Pixabay and chart from Tradingview.com

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Miner One token (MIO) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 MIO

one exploits crypto industry years worst 2022

one exploits → Результатов: 31


Фото:

DeFi Protocol Exploits Presenting Opportunities for DeFi Insurance

The interest in Decentralized Finance (DeFi) over the past two to three years has made it one of the fastest-growing areas in the decentralized web ecosystem. DeFi generally refers to the provision of peer-to-peer financial services over mostly public blockchains, through the use of smart contracts thereby eliminating the need for financial third parties or […]

2022-7-5 17:46


Фото:

Ciphertrace Report Shows Crypto Crime Moving to Defi

Ciphertrace, a blockchain analytics company, has announced that crypto-related crimes have moved to the realm of decentralized finance (defi) apps and protocols. Now, the impact these hacks and exploits represent is way bigger than the one classic hacks to centralized exchanges and other scams do, according to their latest “Cryptocurrency Crime and Anti-Money Laundering Report.” […]

2021-5-15 03:30


Фото:

Meet Panda, an illicit cryptocurrency mining crew terrorizing organizations worldwide

Cybersecurity researchers have profiled a hacking crew named “Panda” believed to have amassed roughly $90,000 worth of cryptocurrency via remote access tools (RATs) and illicit mining malware. The Cisco Talos Intelligence Group noted that while Panda isn’t exactly sophisticated, it has persisted as one of the internet’s most active attackers in recent years.

2019-9-18 15:12


Saiterm ICO

Our goal is to finance the development of the production and marketing of a physical, totally innovative product for high efficiency heating of environments, remaining independent and autonomous, financing via the blockchain, the creation of production and commercial facilities necessary for the production and distribution of the most efficient heating system in the world, a system already designed, patented, implemented and tested.

2019-1-30 17:36


Фото:

YouTube is flush with ‘prank’ videos involving laxatives

YouTube recently removed a mean-spirited video involving a YouTuber poisoning a loved one with laxatives. That’s nice, YouTube. Now get started on the thousands of other videos just like it. Recently, the website Babe ran an expose on the channel “CJ SO COOL,” which stars a father who repeatedly “pranks” his four children and wife and laughs at the ensuing pain, suffering, and chaos his antics cause.

2018-8-7 00:51