General Bytes Bitcoin (BTC) ATMs have reportedly been robbed of $1.5 million by hackers exploiting a zero-day vulnerability in the BATM management platform.
Protect against such attacks in future
The hackers reportedly remotely uploaded a Java application through the ATM’s master service interface and ran it with BATM user privileges, according to a report on Bleeping Computer.
Through the application, the hackers were able to access the database, decrypt API keys used to access funds in hot wallets and exchanges, find usernames and password hashes, and search the terminal event logs for instances where users scanned private keys at the ATM. General Bytes reported the following:
The attacker scanned the Digital Ocean cloud’s IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean.
Finally, to protect their servers from these attacks, the company asked customers to install updates. General Bytes also announced that it will terminate its cloud service because it is “in theory (and in practice) impossible” to protect this service from hackers.