General Bytes Hacked: $1.5M in Bitcoin Stolen, U.S. Crypto ATMs Shut Down Nationwide

General Bytes Hacked: $1.5M in Bitcoin Stolen, U.S. Crypto ATMs Shut Down Nationwide

N
News Editor 01
2026-07-08 14:10:13
General Bytes, the world's largest crypto ATM manufacturer, suffered a security breach on March 17-18, 2023. A hacker remotely accessed the master service interface, stealing 56.28 BTC (~$1.5 million) and other cryptocurrencies, forcing most U.S.-based operators to temporarily shut down.
General ByteshackBitcoincrypto ATMsecurity breach

General Bytes, the leading manufacturer of cryptocurrency automated teller machines (ATMs) with over 9,505 units deployed globally, experienced a severe security incident on March 17 and 18, 2023. The attacker remotely compromised the company's master service interface, gaining access to hot wallets and siphoning funds from approximately 15 to 20 U.S.-based crypto ATM operators. According to on-chain data, the hacker stole 56.28 Bitcoin (BTC), valued at roughly $1.5 million, along with a wide array of other cryptocurrencies including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX.

Attack Vector: From Video Upload to Full System Compromise

In a security bulletin released on March 18, General Bytes detailed how the attacker exploited the master service interface — normally used by terminals to upload videos — to deploy a malicious Java application. This allowed the hacker to escalate privileges to a BATM user, access the underlying database, and decrypt API keys used to manage funds in hot wallets and connected exchanges. The attacker could also download usernames, retrieve password hashes, disable two-factor authentication (2FA), and directly transfer funds from hot wallets. Remarkably, the company stated that multiple security audits conducted since 2021 had failed to identify this vulnerability.

Industry Fallout: Widespread Shutdown of U.S. Crypto ATMs

Bitcoin.com News spoke with a U.S.-based crypto ATM operator who confirmed that all operators using General Bytes machines were ordered to shut down nationwide for the evening. Servers will need to be completely rebuilt from the ground up — a time-consuming process. In response, General Bytes announced it is discontinuing its cloud service and transitioning operators to self-hosted servers. This urgent migration poses significant operational challenges for thousands of ATM locations across the country. The company urged all customers to take immediate action to protect funds and personal information.

On-Chain Evidence and Historical Context

On-chain analysis reveals that the 56.28 BTC stolen in the attack has remained unmoved in a single address since its last transaction at 3:20 a.m. on March 18. Other stolen tokens were dispersed to multiple addresses, with a fraction sent to the decentralized exchange Uniswap. This is not the first security breach for General Bytes: In August 2022, the company suffered a zero-day attack that allowed remote creation of an admin user via the CAS administrative interface. The March 2023 incident exploited a different, previously unknown vulnerability. General Bytes disclosed the attacker's three IP addresses and the cryptocurrency addresses used in the attack, aiding law enforcement and forensic analysis.

Lessons Learned and Next Steps

The incident underscores the critical importance of securing hot wallets and master interfaces in crypto ATM infrastructure. While General Bytes is assisting affected operators with server rebuilds, many in the industry are calling for stricter security standards and independent audits. One operator told Bitcoin.com News that their firm's full-node setup and additional lockdown measures prevented the attacker from accessing funds despite the system being compromised — highlighting that layered defenses can mitigate even severe cloud vulnerabilities. Moving forward, operators are advised to adopt self-hosted solutions, implement strict network segmentation, and regularly rotate API keys. General Bytes has pledged to continue updating its security bulletin and to support the recovery process.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
300

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.