Hacker hacked the servers of General Bytes bitcoin ATMs
The attack compromised user passwords and API keys
20.03.2023 - 08:00
What’s new? General Bytes, a bitcoin ATM manufacturer, reported a highest-risk incident that occurred on March 17 and 18. By remotely uploading his own Java application through the master service interface, the attacker gained access to terminals and broke into the GENERAL BYTES Cloud service as well as the offline servers of other operators.
General Bytes’ official announcement
How did the attack happen? The attacker identified a vulnerability in the interface of the service that crypto ATMs use to upload videos to the server. The attacker scanned the Digital Ocean cloud hosting IP addresses and found CAS services running on port 7741. Using this vulnerability, the hacker uploaded his own application directly to the server used by the admin interface. The application server was configured by default to run applications placed in the deployment folder, so the uploaded application was started. As a result of the hack, the hacker gained the following capabilities:
- Database access;
- Reading and decrypting API keys used to access funds in hot wallets and exchanges;
- Sending funds from hot wallets;
- Downloading usernames and password hashes;
- Disabling two-factor authentication;
- Accessing terminal event logs, including when customers scanned a private key with a crypto ATM.
To protect against the threats, General Bytes announced it was shutting down the cloud service and warned operators to install their own standalone server. In addition, due to the compromise of all users’ passwords, as well as API keys to exchanges and hot wallets, operators need to revoke them and generate new keys and passwords.
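The root cause described above was an application server that runs whatever lands in its deployment folder. As an added example (not General Bytes' code or tooling), this Python script audits such a folder against a baseline of SHA-256 hashes recorded at install time; the archive extensions, the file names and the temporary directory standing in for the deployment folder are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Archive types a Java application server commonly auto-deploys (assumption).
DEPLOYABLE = {".war", ".jar", ".ear"}


def sha256_file(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_deploy_dir(deploy_dir, baseline):
    """Compare deployable archives under deploy_dir with a known-good baseline.

    baseline maps relative path -> SHA-256 recorded at install or upgrade time.
    Returns a sorted list of (status, relative_path) findings.
    """
    findings, seen = [], set()
    root = Path(deploy_dir)
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in DEPLOYABLE:
            continue
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in baseline:
            findings.append(("UNEXPECTED", rel))   # archive nobody installed
        elif sha256_file(path) != baseline[rel]:
            findings.append(("MODIFIED", rel))     # known name, changed content
    findings.extend(("MISSING", rel) for rel in baseline.keys() - seen)
    return sorted(findings)


def demo():
    """Constructed sample: a temp directory plays the deployment folder."""
    with tempfile.TemporaryDirectory() as folder:
        vendor_app = Path(folder) / "admin.war"          # hypothetical name
        vendor_app.write_bytes(b"vendor build")
        baseline = {"admin.war": sha256_file(vendor_app)}
        clean = audit_deploy_dir(folder, baseline)
        (Path(folder) / "uploaded.war").write_bytes(b"not from vendor")
        vendor_app.write_bytes(b"tampered")
        return clean, audit_deploy_dir(folder, baseline)


if __name__ == "__main__":
    print(demo())
```

Run on a schedule with the baseline stored off the server, any `UNEXPECTED` or `MODIFIED` finding is a reason to stop the service and investigate before the application server loads the archive again.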
Last August, General Bytes also reported the compromise of its servers. At that time, hackers managed to change the system settings so that cryptocurrency went directly to their wallets. And in October, the FBI noted an increase in the use of cryptocurrencies by scammers. Individual investors' losses ranged from tens of thousands to millions of dollars.