General Bytes, one of the largest manufacturers of Bitcoin ATMs, has been hit by a significant security breach. As a result of an attack, operators of the Bitcoin ATMs lost a whopping $1.5 million in digital assets.
The hacker captured 1.5 million in Bitcoin (BTC) and other digital assets. To make matters worse, the attacker had access to user data and passwords. He was even able to disable two-factor authentication (2FA) and move assets out of individual accounts. Smaller assets were transferred to different exchanges, with a significant amount going to Uniswap.
The best articles of the week, directly delivered into your mailbox.Subscribe to our newsletter
Official statement of the manufacturer
In response to the incident, General Bytes has suspended its cloud services program and urges merchants and users to protect their sensitive data. The company has issued a security bulletin with more details on the incident. Most of General Bytes' bitcoin ATMs have been shut down and the company needs to build new servers from scratch. The company let it be known that despite conducting audits since 2021, they were unable to find the vulnerability that led to the intrusion.
The attackers gained access to the system through a KYC/AML-related interface. This allowed them to steal Bitcoin from the wallets of operators of the machines. General Bytes stated that it is still investigating the extent of the damage and the amount of stolen bitcoins. In addition, the company assured its customers that their personal data was not at risk, as it does not store customer data on its systems. However, according to General Bytes' knowledge base, user data worth protecting is stored on its servers. Since biometric KYC/AML verification appears to be outsourced, that data is at least not at risk. A large part of the almost 200 BTC ATMs installed in Switzerland are from General Bytes.
A wake-up call for the crypto industry
The security incident at vending machine operator General Bytes is just the latest in a series of high-profile cyberattacks that have targeted the cryptocurrency industry in recent years. The decentralized and partially unregulated nature of cryptocurrencies makes them an attractive target for hackers. They can easily exploit vulnerabilities in the system to steal digital assets.
The General Bytes incident should be a wake-up call for the entire cryptocurrency industry to take security seriously and invest in robust security measures to protect against cyber threats. Companies that handle people's digital assets and personal information need to take a proactive approach to security and continuously assess and improve their defenses.
