Hackers have stolen $1.6M from Bitcoin ATMs using a zero-day security flaw.
This is the second time that ATM maker General Bytes has been breached in one year.
General Bytes makes Bitcoin ATMs allowing people to purchase or sell over 40 cryptocurrencies.
- Customers can deploy their ATMs using standalone management servers or the General Bytes cloud service.
- According to the company, the threat actor breached the ATMs by scanning the Digital Ocean IP address space.
- By gaining unauthorized access, hackers had access to critical information such as:
- database,
- API keys,
- usernames,
- password hashes,
- 2FA details, etc.
