bitcoin atm

Bitcoin ATM maker to refund customers impacted by zero-day hack

General Bytes has implemented several measures in the wake of the hack, including offering to reimburse its cloud-hosted customers and adding new security measures.

Bitcoin ATM manufacturer General Bytes says it is reimbursing its cloud-hosted customers that lost funds in a “security incident” in March that saw its customers’ hot wallets accessed.

As previously reported by Cointelegraph, a hacker gained access to sensitive information, including passwords, private keys and funds from hot wallets on March 17 and 18 after remotely uploading a Java application into General Bytes’ terminals. The ATM manufacturer detailed the attack in a March 23 incident report.

In a recent statement to Cointelegraph, the ATM manufacturer said have since been moving swiftly to “address the situation” and has made the decision to refund its “cloud-hosted customers who have lost funds.”

“We have taken immediate steps to prevent further unauthorized access to our systems and are working tirelessly to protect our customers,” General Bytes said in a statement.

It was understood that the hack led to at least 56 Bitcoin (BTC), worth over $1.5 million at current prices, and 21.82 Ether (ETH), $37,000 at current prices, being deposited into wallets connected to the hacker.

According to General Bytes, it has thoroughly assessed the damages from the hack and has been “working tirelessly” to improve security measures and prevent similar incidents from happening again.

General Bytes told affected customers to implement new security measures after the hack.  Source: General Bytes

Along with the reimbursement for affected customers, the ATM manufacturer has also said they are encouraging all customers to migrate to a self-hosted server installation, where they can effectively secure their server platform using VPN.

“We are investing heavily in additional human resources to assist our clients in migrating their existing infrastructure to a self-hosted server installation.”

According to General Bytes, the hack did not affect most ATM operators using self-hosted server installations, “as these customers employ VPN technology to protect their infrastructure.”

Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

The ATM manufacturer first warned customers about the hacker in a March 18 patch release bulletin. As a result of the security breach, General Btyes shuttered its cloud services.

“General Bytes takes the security of our customers’ funds and data very seriously. We apologize for any inconvenience caused and remain committed to serving our customers with integrity and professionalism.”

The company is based in Prague and, according to its website, has sold over 15,000 Bitcoin ATMs to purchasers in over 149 countries all over the world.

Bitcoin ATM maker shuts cloud service after user hot wallets compromised

Bitcoin ATM manufacturer General Bytes said a hacker was able to install and run a Java application in its terminals that could access user information and send funds from hot wallets.

Bitcoin ATM manufacturer General Bytes has shuttered its cloud services after discovering a “security vulnerability” that allowed an attacker to access users’ hot wallets and gain sensitive information, such as passwords and private keys.

The company is based in Prague and according to its website has sold over 15,000 Bitcoin (BTC) ATMs to purchasers in over 149 countries all over the world.

In a March 18 patch release bulletin, the ATM manufacturer issued a warning explaining that a hacker has been able to remotely upload and run a Java application via the master service interface into its terminals aimed at stealing user information and sending funds from hot wallets.

General Byes founder Karel Kyovsky in the bulletin explained this allowed the hacker to achieve the following:

  • “Ability to access the database.
  • Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
  • Send funds from hot wallets.
  • Download user names, their password hashes and turn off 2FA.
  • Ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM. Older versions of ATM software were logging this information.”

The notice reveals that both General Bytes’ cloud service was breached as well as other operators’ standalone servers. 

“We’ve concluded multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.

Hot wallets compromised

Though the company noted that the hacker was able to “Send funds from hot wallets,” it did not disclose how much was stolen as a result of the breach.

However, General Bytes released the details of 41 wallet addresses that were used in the attack. On-chain data shows multiple transactions into one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.

General Bytes released the details of 41 wallet addresses used in the attack. Source: General Bytes

Another wallet shows multiple Ether (ETH) transactions, with the total received amounting to 21.82 ETH, worth roughly $36,000 at current prices.

Cointelegraph reached out to General Bytes for confirmation but did not receive a reply before publication.

Related: Bitcoin ATM decline: Over 400 machines went off the grid in under 60 days

The company has urgently advised BTC ATM operators to install their own standalone server and released two patches for their Crypto Application Server (CAS), which manages the ATM’s operation.

General Bytes is a Bitcoin ATM manufacturer based in Prague that has sold over 15,000 ATMs worldwide. Source: General Bytes

“Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN,” Kyovsky wrote.

“Additionally consider all your user’s passwords, and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & password.”

General Bytes previously had its servers compromised via a zero-day attack last September that enabled hackers to make themselves the default administrators and modify settings so that all funds would be transferred.

9 years after the first Bitcoin ATM, there are now 38,804 globally

From one Candian coffee shop to a worldwide network of nearly 39,000, crypto ATMs have turned nine years old and are only expected to continue growing.

On Oct. 29, 2013, a coffee shop in downtown Vancouver, Canada, opened what is understood to be the world’s first publicly available Bitcoin (BTC) ATM, operated by Robocoin. 

The crypto ATM saw 348 transactions and $100,000 transacted in its first week of operation.

As of Oct. 30, 2022 — nine years and one day on — Robocoin has ceased operations and the first crypto ATM has likely been removed or replaced, but crypto ATMs have continued to increase in number with 38,804 cryptocurrency ATMs in existence today, according to Coin ATM Radar.

The global hub for crypto ATMs has since moved, however, with the United States now housing nearly 88% of the world’s supply of crypto ATMs and taking credit for 90% of all newly installed ATMs over the past few months.

In October alone, 129 of the world’s newly installed ATMs were located in the United States out of a total of 205.

Canada, home to the first crypto ATM, has only seen that number creep to 566 after nine years, though it’s still placing in second at 6.6% of the total, according to Coin ATM Radar data.

Meanwhile, Spain became the third-largest crypto ATM hub on Oct. 22 with its 0.6% share across 215 ATMs.

A July report from Research and Markets estimates the crypto ATM space is now valued at $46.4 million, which will grow more than 10 times to  $472 million by 2027, driven by remittances and increased crypto ATM installations.

However, like many crypto-related products, crypto ATM installations have been challenged this year as a result of the crypto bear market.

Crypto ATM installations slowed between January and May before a slight recovery between June and August, but September saw net crypto ATMs drop globally for the first time ever after 459 machines were removed from the global network.

Related: How Bitcoin ATMs in Greece fare during a record-breaking tourist season

Bitcoin is still the most popular cryptocurrency transacted across crypto-enabled ATMs, with nearly 100% supporting BTC transactions, per Coin ATM Radar. However, other cryptocurrencies also appear to be supported across the network.

Litecoin (LTC) is popular, with almost 81% of ATMs supporting the crypto, and Ether (ETH) closely follows at almost 74%. Dogecoin (DOGE) sits in fourth place, with just under 40% supporting the so-called memecoin.

In early October, U.S. authorities warned crypto ATMs were emerging as a popular method for scammers to receive value and defraud victims, most often in “pig butchering” scams where the attacker poses as a potential romantic partner, gaining trust and asking the victim to send them money or, in some cases, cryptocurrency.