Hackers successfully pilfered more than $1.5 million from a series of bitcoin ATMs earlier this month after exploiting a previously unknown vulnerability.
In a statement over the weekend, bitcoin ATM manufacturer General Bytes revealed that hackers had accessed servers used by the ATMs.
After breaching the crypto application server (CAS), the hackers drained roughly 56 Bitcoin (BTC) as well as other cryptocurrencies from numerous internet-connected wallets. General Bytes notes that the attack allowed the hackers to upload a malicious application to the server with the same administrator privileges as the owners.
General Bytes says it noticed the attack and was able to patch the vulnerability within 15 hours. The stolen funds, however, are unrecoverable.
Taking further action, the company shut down its cloud service and instructed ATM owners to use their devices’ built-in servers instead. General Bytes stressed that despite numerous security audits conducted since 2021, the vulnerability that allowed the hack to take place was never noticed.
“We are collecting data from our clients to validate all the losses; along with internal investigation, we will cooperate with authorities to do everything we can to identify the perpetrator,” the company said.
According to General Bytes’ analysis, the hackers could also have disabled 2FA on users’ accounts and downloaded usernames and hashed passwords.
General Bytes later issued a call to any cybersecurity companies interested in helping further secure its bitcoin ATMs through physical audits.
The incident is not the first time that General Bytes has been targeted. Hackers also managed to steal funds from the company’s ATMs after exploiting a different vulnerability in August 2022.
Security experts have long advised bitcoin users against using internet-connected wallets, more commonly known as hot wallets, despite their convenience. Cold wallets, which are stored offline, remain the ideal choice.