Bitcoin ATMs. If you’re unfamiliar with them, they’re actually one of the most innovative crypto inventions. The way it works is you buy bitcoin, or a variety of other crypto coins, directly from these ATM machines, using cash or other means, and transfer your freshly purchased crypto into your crypto wallet. Since crypto isn’t owned by any entity, like a bank, for instance, the crypto you just purchased doesn’t go to a bank account or anything like that; it goes directly into your bitcoin wallet. Pretty neat, right?
One of the leading bitcoin ATM networks is General Bytes. General Bytes is actually the leading manufacturer of bitcoin and cryptocurrency ATM machines. General Bytes’ ATM network is spread out across the globe and has several headquarters in Europe as well as the United States. General Bytes offers five types of bitcoin ATMs at the moment, each differentiated on the basis of its functionalities. The range starts from the BATMTwo, which costs $3,649, all the way up to the BATMFour, which costs a whopping $7,198! All of these bitcoin ATMs are state of the art, and the innovation behind them is simply amazing.
Up until now, the General Bytes bitcoin ATMs were considered secure and protected from exploits, as the company claims. But all of that changed when unidentified hackers exploited the bitcoin ATMs by uploading a malicious Java application using the master service interface that is used by the terminals to upload videos. This allowed the attackers the gain access to the Digital Ocean servers that the General Bytes Cloud service was using. Upon gaining access to the server, the actor (s) were able to read and decrypt the keys that are used by the BATMs to exchange crypto between wallets and crypto exchanges. Et voila. Access to millions in crypto right there. So, what exactly went wrong?
The attack was categorised as a zero-day flaw in the General Bytes bitcoin ATMs. In case you’re unfamiliar with how a zero-day attack works, it starts with the attackers identifying an exploit in the software that the manufacturer is unaware of. Meaning that the attackers target a part of the software that the manufacturer did not see as a vulnerability or expected to be attacked. Once the attacker identifies this vulnerability, they exploit it, gaining access to the system and launching their attack. Which, in this case, was gaining access to the API keys used to transfer crypto between the exchanges and the crypto wallets. Soon, the manufacturer is made aware of the exploit, and they release an update fixing the point of attack that was exploited. This is exactly what happened with the General Bytes bitcoin ATMs. The hackers gained access to the General Bytes Cloud service, stole the API keys, usernames, and passwords, toggled off the two-factor authentication (2FA) and simply stole from users’ wallets. The damages were summed up to an estimate of $1.6M in bitcoin and approximated $39,000 of Ethereum that was converted to USDT to cover their tracks and $96,500 worth of LTC. Those are some pretty high figures.
General Bytes responded with an immediate shutdown of its services to patch the vulnerability while further auditing its entire software modules to figure out any other existing points of attack. General Bytes notified users to rotate their passwords and API keys, and they should assume that they are completely compromised. General Bytes also suggested its terminal operator customers to keep their servers protected under a layer of firewalls and VPNs. Do you think the response from General Bytes was enough?
Ever since blockchain became a mainstream technology and crypto gained traction, hackers have given it their best shot to steal this untraceable currency. The anonymity and liberty of crypto are what make it a revolutionary technology, and they’re also what makes it vulnerable. So, what can you do? Well, for starters, never go with untrusted crypto exchanges and platforms. Always opt for the most premium, reputable and highly trusted crypto-buying platforms that offer you a secure crypto-buying and selling environment. Attackers will always target crypto-buying platforms because getting into wallets and exchanges is not an easy job, so you have to ensure that the crypto-buying platform you’re trusting is completely safe and secure. Like Voltcoins, a high-end, versatile, and completely secure crypto-buying platform that allows users to buy a wide range of crypto coins. Voltcoins is a trusted crypto-buying platform that offers a blistering fast KYC process and quick & secure transactions. The one-stop crypto exchange solution offers users to buy bitcoin (BTC), Ethereum (ETC), LiteCoin (LTC), and Tether (USD). For ease of payment, you can pick from three different payment methods, including bank wire transfers, credit card payments, as well as Interac. If you want a secure, trusted, and reliable place to buy crypto from, head over to Voltcoins now and place an order!