Bitcoin ATM maker to refund customers impacted by zero-day hack
General Bytes has implemented several measures in the wake of the hack, including offering to reimburse its cloud-hosted customers and adding new security measures.
Bitcoin ATM manufacturer General Bytes says it is reimbursing its cloud-hosted customers that lost funds in a “security incident” in March that saw its customers’ hot wallets accessed.
As previously reported by Cointelegraph, the ATM manufacturer issued a statement about a security incident on March 17 and March 18, which involved a hacker remotely uploading a Java application into its terminals and gaining access to sensitive information, such as passwords, private keys and funds from hot wallets.
In a recent statement to Cointelegraph, the ATM manufacturer said have since been moving swiftly to “address the situation” and has made the decision to refund its “cloud-hosted customers who have lost funds.”
On March 17-18th, 2023, GENERAL BYTES experienced a security incident.
We released a statement urging customers to take immediate action to protect their personal information.
We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR…
— GENERAL BYTES (@generalbytes) March 18, 2023
“We have taken immediate steps to prevent further unauthorized access to our systems and are working tirelessly to protect our customers,” a General Bytes said in a statement.
It was understood that the hack led to at least 56 BTC, worth over $1.5 million at current prices, and 21.82 ETH, $37,000 at current prices, being deposited into wallets connected to the hacker.
According to General Bytes, it has thoroughly assessed the damages from the hack and has been “working tirelessly” to improve security measures and prevent similar incidents from happening again.
Along with the reimbursement for affected customers, the ATM manufacturer has also said they are encouraging all customers to migrate to a self-hosted server installation, where they can effectively secure their server platform using VPN.
“We are investing heavily in additional human resources to assist our clients in migrating their existing infrastructure to a self-hosted server installation.”
According to General Bytes, the hack did not affect most ATM operators using self-hosted server installations” as these customers employ VPN technology to protect their infrastructure.”
Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm
The ATM manufacturer first warned customers about the hacker in a March 18 patch release bulletin. As a result of the security breach, General Btyes shuttered its cloud services.
“General Bytes takes the security of our customers’ funds and data very seriously. We apologize for any inconvenience caused and remain committed to serving our customers with integrity and professionalism.”
The company is based in Prague and according to its website has sold over 15,000 Bitcoin (BTC) ATMs to purchasers in over 149 countries all over the world.