• On March 17-18, hackers took advantage of a zero-day vulnerability to drain all coins and funds from several bitcoin ATMs hosted by General Bytes.
• The hackers scanned the IP address space managed by cloud host Digital Ocean, identified running CAS services on ports 7741, then exploited the vulnerability to upload Java applications directly to the application server used by the admin interface.
• General Bytes is now asking customers for data and performing an internal investigation while cooperating with federal officials as they try to understand what happened.
General Bytes ATMs Attacked
A group of crypto hackers have drained all the coins and funds from several bitcoin ATMs throughout the world hosted by a company called General Bytes.
Zero-Day Vulnerability Exploited
The hackers took advantage of what’s referred to as a zero-day vulnerability to prevent all transaction losses from being reversed.
General Bytes Apologizes for Losses
General Bytes apologized for what happened and is continuously working to resolve all cases in order to help clients back online and continue operations as soon as possible. They are also reviewing their security procedures in light of this incident.
Hackers Gain Control of Machines
The attackers were able to gain control of these machines by scanning the IP address space managed by cloud host Digital Ocean, identifying running CAS services on ports 7741, then exploiting the vulnerability to upload Java applications directly to the application server used by the admin interface.