Hackers have one Zero-day vulnerability at one The Bitcoin ATM (BATM) exploited to generate cryptocoins worth $1.5 million (1.4 million euros) to steal. Victims have no way to reverse the transactions.
The company’s machines are affected General Bytes. The company demanded via twitter all customers to respond immediately to protect their belongings.
In a statement General Bytes explains that the hackers had exploited a vulnerability in their BATM’s software. Bitcoin can be exchanged for cash in other currencies at ATMs worldwide. To do this, the machine connects to you Crypto Application Server (CAS)through which General Bytes handles the transaction.
Hot wallet security key stolen
However, users can also upload videos to the CAS via the BATM. Here the hackers discovered a security hole. This allowed them to upload and run malware. This allowed the cybercriminals to access the database and read the API keys needed to access Hot Wallets access.
Hot Wallets sind permanent online accessible via the key. In contrast, will Cold Wallets stored on physical media such as a hard drive. With access to the hot wallets, the hackers were able to transfer the bitcoin to their own wallet.
56 bitcoin looted
Access to the database allowed usernames and passwords as well as private keys, i.e. the security keys for the wallet, to be stolen. With that they captured 56 BTCwhat current 1.48 million euros is equivalent to.
True, General Bytes was able to exploit the vulnerability 15 hours close after they become known. However, the already captured bitcoins are lost. Now users have to manage CAS themselves if they want to withdraw money.
General Bytes is now working with authorities to apprehend those responsible. Despite multiple security checks, the vulnerability has not yet been discovered. Therefore, an internal investigation is now to be initiated.
