According to reports, a crypto hack cost Bitcoin ATM manufacturer General Bytes approximately $1.5 million worth of Bitcoin.
On March 17 and 18, the company disclosed a security problem that had compromised user information and permitted unauthorized access to such information.
The press statement states (1) that the attacker was able to acquire remote access to the full database as well as API keys, hot wallets, user names, and passwords.
As a consequence of this, the attacker has the ability to disable two-factor authentication and view terminal event logs that reveal users who have authenticated their private keys anywhere at Bitcoin ATM.
This resulted in the hot wallets being compromised, which allowed the hacker to transfer tokens to other wallet addresses. The cloud services provided by General Bytes were also compromised by the breach.
After the breach, the manufacturer of Bitcoin ATMs disclosed the 41 wallet addresses that had been compromised.
One of the wallet addresses was credited with 56 bitcoins, which is equivalent to around $1.5 million. Another wallet address received around 21.82 ETH, which is equivalent to more than $39,000 at the current market pricing.
General Bytes’ Reaction
After the security breach, the ATM manufacturer terminated its cloud services to prevent any additional exposure of sensitive customer data to the risk of being compromised.
Also, the corporation distributed security advice to all of its ATM operators and consumers across the globe.
The warning provided operators with guidance on how to confirm the existence of intrusions on their networks and how to correct the vulnerabilities that were discovered.
Once more, the company that created Bitcoin encouraged owners of Bitcoin ATMs to install their own standalone server, and it released two security fixes for the Crypto Application Server (CAS).
In addition, the company has issued an open offer to several other security companies to conduct another assessment of its systems. The company mentioned that it had successfully passed various security inspections in the year 2021.
According to what it said, “None of them discovered this vulnerability.”
The organization is of the opinion that conducting several audits by a variety of organizations will increase the likelihood of successfully avoiding future incidents of a similar nature.
In order to conduct a thorough inspection of the automated teller machines (ATMs), any and all security companies that express interest will be needed to make a brief visit to our offices in Prague.
Putting Together a Comprehensive Defense Plan
Even if smart contracts & private keys might be the most common vectors for crypto hacking, this does not mean that they are the only dangers. The crypto breach highlights, once again, how important it is to build a comprehensive security strategy for the blockchain ecosystem.
Attacks on the blockchain can be thwarted using such a technique, and they can be mounted at any level within the ecosystem.