Security Breach at Bitcoin ATM Maker: General Bytes Closes Cloud Service Amid Vulnerability – Here’s What Happened

ATM Bitcoin
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: a video screenshot, Bitcoin Depot / YouTube

Major Bitcoin ATM manufacturer General Bytes has experienced a security breach that led to $1.5 million worth of BTC stolen from a number of its crypto ATM operators. 

In a recent blog post, General Byes founder Karel Kyovsky said that a hacker was able to upload their own Java application onto the company’s Bitcoin ATMs, which allowed them to read and decrypt API keys to access funds on exchanges and hot wallets.

This resulted in the attacker gaining the ability to access the database, download user names and passwords, turn off two-factor authentication, and scan terminal event logs for instances when customers scanned private keys in the ATM, Kyovsky said. 

“We released a statement urging customers to take immediate action to protect their personal information,” the company explained in a Twitter post. “We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”

Meanwhile, on-chain data shows a wallet used in the attack holds 56 BTC, worth over $1.5 million, which was received around the time of the attack. 

Etherscan data showed that the attacker also moved around 21.79 Ethereum ($39,043) through Uniswap decentralized exchange (DEX).

General Bytes added that other wallets used by the hacker during the attack belonged to digital assets like XRP, BUSD, Cardano, DAI, DogeCoin, Shiba Inu, Tron, etc.

General Bytes Closes its Cloud Service

General Bytes announced that both its cloud service and standalone servers were compromised. As a result, the company is closing down its cloud service. It said:

“It is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors. You’ll need to install your own Standalone server. GB support will help you migrate your data from the GB Cloud to your own Standalone server.”

The company also advised BTC ATM operators to install their own standalone server and released two patches for their Crypto Application Server (CAS), which manages the ATM’s operation.

“Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN,” Kyovsky wrote. “Additionally consider all your user’s passwords, and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & password.”

General Bytes is the largest cryptocurrency ATM manufacturer with thousands of machines located across the United States. 

According to its website has sold over 15,000 Bitcoin ATMs to purchasers in over 149 countries all over the world.

Notably, this is not the first time General Bytes has experienced a breach. 

In August 2022, the company reported a hack that led to the theft of deposited Bitcoins at ATMs. At the time, the company said around $16,000 were stolen by the hackers.

More Articles

Ethereum News
Linea Updates Sybil List After Reviewing Appeals, Removes 3.5K False Positives
Veronika Rinecker
Veronika Rinecker
2025-02-18 09:03:47
Blockchain News
EU Watchdog ESMA Proposes Mandatory Knowledge Checks for Crypto Firms
Shalini Nagarajan
Shalini Nagarajan
2025-02-18 08:34:44
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors