Hackers managed to empty millions of dollars in digital currencies from ATMs cryptocurrencies by exploiting a zero-day vulnerability. The robbery targeted ATMs sold by General Bytes, a company with many ATMs around the world. These BATMs, short for bitcoin ATMs, can be placed in stores and other businesses to allow bitcoins to be exchanged for other currencies and vice versa.
Customers connect BATMs to a crypto application server (CAS from crypto application server) that they can manage or, until now, that General Bytes can manage for customers.
Over the weekend, General Bytes he revealed that more than $1,5 million in bitcoins had been withdrawn from an ATM. To carry out the heist, the unknown attacker exploited an unknown vulnerability that allowed him to run a malicious Java application. He then took about 56 BTC, worth about $1,5 million. General Bytes patched the vulnerability 15 hours after learning about it, but due to the way cryptocurrencies work, the losses were unrecoverable.
The company is currently in the process of collecting data from its customers to validate all losses from the hack, conducting an internal investigation and working with authorities in an effort to identify the hacker. General Bytes said that it has performed "numerous security checks since 2021" and that none of them detected the exploited vulnerability. The company is now in the process of seeking further assistance to secure its BATMs.
