Key Points:
Customers were urged to take quick steps to secure their personal information, according to a statement issued by the firm.
The attacker discovered a security flaw in the master service interface, which Bitcoin ATMs utilize to upload videos to the server. This is manifested in the capacity to read and decode API keys used to get access to money in hot wallets and exchanges.
The attacker examined the Digital Ocean cloud hosting IP address space and discovered CAS services operating on port 7741, including the General Bytes Cloud service and other GB ATM operators with servers hosted by Digital Ocean, the company’s cloud hosting provider.
Utilizing this security flaw, the attacker immediately uploaded his own program to the application server utilized by the admin interface. By default, the application server was set to run apps in its deployment folder.
The attacker may also get access to the database, obtain user names and password hashes, and disable 2FA. This disables security measures that might jeopardize user accounts.
According to the notification, users should consider all of their CAS passwords, API keys to exchanges, and hot wallets to have been stolen and disclosed. It is critical to produce new API keys, invalidate existing ones, and update all user passwords.
GENERAL BYTES is also shutting down its Cloud service to prevent further data breaches. There have been no claims of harm at this time, although the firm has disclosed wallet addresses that have been compromised.
Previously, GENERAL BYTES was subjected to another incident in which hackers used a zero-day vulnerability to redirect cash into their own accounts using General Bytes Bitcoin ATM servers.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
Bitcoin transactions represent the movement of bitcoins from senders to receivers, digitally signed using cryptography…
Visa's new metric finds that over 90% of stablecoin transaction volumes lack genuine user engagement.
Data from Coinglass has unveiled staggering figures of liquidated contracts, shaking both seasoned investors and…
Over 84% of the staked Sui token supply is controlled by the founders, raising centralization…
The Coinbase class action lawsuit, echoing a previous case against the exchange, accuses it of…
Tether's CEO, Paolo Ardoino, highlights discrepancies in the Bitfinex data breach, revealing that only a…
This website uses cookies.