General Bytes, a Bitcoin ATM manufacturer and software provider, reported a security breach of the highest severity on March 18.
According to the release, the attacker was able to remotely upload their own Java application through the master service interface, which the terminals use to upload videos, and run it with batm user privileges.
The breach was classified as highest severity because it gave the attacker access to sensitive data and allowed unauthorized transfers of funds. The attacker was able to access the company's database and to read and decrypt API keys used to access funds in hot wallets and exchanges. The attacker was also able to send funds from hot wallets, download user names and password hashes, and turn off 2FA.
Furthermore, the attacker had access to the terminal event logs and could scan for instances where customers scanned private keys at the ATM. The older versions of ATM software were logging this information, which increased the vulnerability of customer data.
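For operators auditing retained terminal event logs for the private-key logging described above, the following added example (not General Bytes code and not part of the release) masks Bitcoin WIF private keys in log lines, verifying the Base58Check checksum so that look-alike strings are left untouched. The log line layout, terminal name and sample key are constructed; the real CAS log format is not given here, and only mainnet WIF keys are covered.

```python
import hashlib
import re

# Base58 alphabet used by Bitcoin (no 0, O, I, l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
C = "[1-9A-HJ-NP-Za-km-z]"
# Mainnet WIF shapes: 51 chars starting with 5, or 52 starting with K/L.
CANDIDATE = re.compile(rf"(?<!{C})(?:5{C}{{50}}|[KL]{C}{{51}})(?!{C})")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def is_wif(text: str) -> bool:
    """True only if the Base58Check checksum and WIF layout both verify."""
    raw = b58decode(text)
    payload, check = raw[:-4], raw[-4:]
    shape_ok = len(payload) == 33 or (len(payload) == 34 and payload[-1] == 1)
    return payload[:1] == b"\x80" and shape_ok and _checksum(payload) == check

def redact_line(line: str):
    """Return (line with verified WIF keys masked, number of keys masked)."""
    hits = 0
    def mask(m):
        nonlocal hits
        if not is_wif(m.group(0)):
            return m.group(0)  # same shape, bad checksum: leave untouched
        hits += 1
        return "[REDACTED-WIF]"
    return CANDIDATE.sub(mask, line), hits

# Constructed sample: a throwaway key (bytes 1..32) and an invented log layout.
_payload = b"\x80" + bytes(range(1, 33))
SAMPLE_WIF = b58encode(_payload + _checksum(_payload))
SAMPLE_LINE = f"2023-03-01 10:00:00 terminal=TEST0001 event=scan data={SAMPLE_WIF}"
```

A non-zero count from `redact_line` on a retained log marks an entry in which a private key was recorded.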
General Bytes warns users not to continue operating their GB ATM server (CAS) unless the provided solutions are implemented.