Scam Alert

GENERAL BYTES Issues The Highest Severity Security Incident

Key Points:

  • The GENERAL BYTES cryptocurrency ATM service was attacked.
  • The attacker used the upload interface in the system to upload and run a malicious Java program to obtain the permissions of the database in the server and the hot wallet withdrawal API Key.
  • GENERAL BYTES also encountered a security incident in August 2022.
GENERAL BYTES, the manufacturer of Bitcoin ATMs, reported the most serious security incident.

Customers were urged to take quick steps to secure their personal information, according to a statement issued by the firm.

The attacker discovered a security flaw in the master service interface, which Bitcoin ATMs utilize to upload videos to the server. This is manifested in the capacity to read and decode API keys used to get access to money in hot wallets and exchanges.

The attacker examined the Digital Ocean cloud hosting IP address space and discovered CAS services operating on port 7741, including the General Bytes Cloud service and other GB ATM operators with servers hosted by Digital Ocean, the company’s cloud hosting provider.

Utilizing this security flaw, the attacker immediately uploaded his own program to the application server utilized by the admin interface. By default, the application server was set to run apps in its deployment folder.

The attacker may also get access to the database, obtain user names and password hashes, and disable 2FA. This disables security measures that might jeopardize user accounts.

According to the notification, users should consider all of their CAS passwords, API keys to exchanges, and hot wallets to have been stolen and disclosed. It is critical to produce new API keys, invalidate existing ones, and update all user passwords.

GENERAL BYTES is also shutting down its Cloud service to prevent further data breaches. There have been no claims of harm at this time, although the firm has disclosed wallet addresses that have been compromised.

Previously, GENERAL BYTES was subjected to another incident in which hackers used a zero-day vulnerability to redirect cash into their own accounts using General Bytes Bitcoin ATM servers.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Missed the AAVE Bullish Ride? This New Presale Can Turn Your Thousands into Millions

While Aave finds itself in uncertain territory, a fresh face in the crypto scene, Qubetics…

3 hours ago

Dogecoin Price Forecast: Analysts Push For $0.2288 DOGE While This Ethereum Altcoin Eyes 8,000% Gains In The Next 16 Days

Analysts push for a Dogecoin price surge to its $0.2288 yearly high while ETFSwap (ETFS)…

3 hours ago

Below $1 Swift Altcoin Competitor Could Overshadow XRP Price Potential Election Rally 

Discover the promising altcoin under $1 that may outperform XRP amid election volatility and market…

3 hours ago

Polkadot and SP Negócios Collaborate to Enhance Crypto Economy Development

Campinas, Brazil, 5th November 2024, Chainwire

4 hours ago

Terra Shuttle Bridge Has Now Been Disabled

Terra Shuttle Bridge has now been closed, and all remaining LUNC and USTC tokens have…

5 hours ago

FLOKI Announces Dubai Takeover with WAFI Mall Campaign

Miami, Florida, 5th November 2024, Chainwire

6 hours ago

This website uses cookies.