Hackers Exploit Zero-Day Vulnerability to Drain Millions from Cryptocurrency ATMs


A recent heist targeting Bitcoin ATMs (BATMs) sold by General Bytes has left customers with unrecoverable losses of over $1.5 million in bitcoin. Hackers managed to exploit a zero-day vulnerability in the BATMs that allowed them to upload and execute a malicious Java application using the master server interface, draining various hot wallets of roughly 56 BTC. The vulnerability was patched 15 hours after it was detected, but the losses were unrecoverable due to the nature of cryptocurrencies.

General Bytes has stated that it will no longer manage Crypto Application Servers (CASes) on behalf of customers, which means terminal holders will have to manage the servers themselves. The company is also collecting data from customers to validate all losses related to the hack, performing an internal investigation, and cooperating with authorities in an attempt to identify the threat actor.

The incident underscores the risk of storing cryptocurrencies in internet-accessible wallets, commonly called hot wallets. Security practitioners have long advised people to store funds in cold wallets, meaning wallets that are not directly accessible from the internet. Unfortunately, BATMs and other types of cryptocurrency ATMs generally can’t follow this best practice because the terminals must be connected to hot wallets so that they can make transactions in real time. That means BATMs are likely to remain a prime target for hackers.

The incident also highlights the importance of conducting regular security audits and seeking further help in securing cryptocurrency infrastructure. It’s critical to follow best practices such as storing funds in cold wallets and implementing strong security measures to mitigate the risk of attacks.