Scam Alert

GENERAL BYTES Issues The Highest Severity Security Incident

Key Points:

  • The GENERAL BYTES cryptocurrency ATM service was attacked.
  • The attacker used the upload interface in the system to upload and run a malicious Java program to obtain the permissions of the database in the server and the hot wallet withdrawal API Key.
  • GENERAL BYTES also encountered a security incident in August 2022.
GENERAL BYTES, the manufacturer of Bitcoin ATMs, reported the most serious security incident.

Customers were urged to take quick steps to secure their personal information, according to a statement issued by the firm.

The attacker discovered a security flaw in the master service interface, which Bitcoin ATMs utilize to upload videos to the server. This is manifested in the capacity to read and decode API keys used to get access to money in hot wallets and exchanges.

The attacker examined the Digital Ocean cloud hosting IP address space and discovered CAS services operating on port 7741, including the General Bytes Cloud service and other GB ATM operators with servers hosted by Digital Ocean, the company’s cloud hosting provider.

Utilizing this security flaw, the attacker immediately uploaded his own program to the application server utilized by the admin interface. By default, the application server was set to run apps in its deployment folder.

The attacker may also get access to the database, obtain user names and password hashes, and disable 2FA. This disables security measures that might jeopardize user accounts.

According to the notification, users should consider all of their CAS passwords, API keys to exchanges, and hot wallets to have been stolen and disclosed. It is critical to produce new API keys, invalidate existing ones, and update all user passwords.

GENERAL BYTES is also shutting down its Cloud service to prevent further data breaches. There have been no claims of harm at this time, although the firm has disclosed wallet addresses that have been compromised.

Previously, GENERAL BYTES was subjected to another incident in which hackers used a zero-day vulnerability to redirect cash into their own accounts using General Bytes Bitcoin ATM servers.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Bitcoin Spot ETF Inflows Hit $1 Billion Led By BlackRock

Bitcoin Spot ETF inflows hit $1.005B on Nov 21, led by BlackRock’s $608M and Fidelity’s…

16 minutes ago

New York Techie Bagged $72M from $15K Investment in Ethereum — Here’s How BlockDAG Can Offer Similar Jackpot

Discover the success story of a New York tech entrepreneur who made $72M from a…

45 minutes ago

Best Altcoins to Buy Today: Qubetics Rides 1000x Potential to Hit $2.6M, Ethereum Stays Rangebound, Tron USDT Transactions Hit $52B

Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…

2 hours ago

Trump Media Company Is Pushing New Venture For Crypto Service

With the platform facing a cracked whip, Trump Media company is expanding into new business…

3 hours ago

Crypto Advisory Council Now A White House Position Attracting Leaders

Major crypto firms, including Ripple, Kraken, and Circle, are competing for spots on President-elect Donald…

4 hours ago

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

4 hours ago

This website uses cookies.