General Bytes Hacked: Over $1.5M in Bitcoin Stolen, US Crypto ATMs Shut Down

General Bytes Hacked: Over $1.5M in Bitcoin Stolen, US Crypto ATMs Shut Down

N
News Editor 01
2026-07-08 14:14:13
General Bytes, the world's largest crypto ATM manufacturer, suffered a breach on March 17-18, losing 56.28 BTC (~$1.5M) and other tokens. The hack forced most U.S. ATM operators to temporarily shut down and prompted the company to discontinue its cloud service.
hackcryptocurrency ATMGeneral BytesBitcoinsecurity breach

General Bytes, the world's largest manufacturer of cryptocurrency ATMs, disclosed a critical security incident on March 17–18, 2023, in which a remote attacker exploited the master service interface to siphon funds from hot wallets. The company confirmed that 56.28 bitcoins (worth approximately $1.5 million at the time) were stolen, along with dozens of other cryptocurrencies including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The breach forced the majority of U.S.-based crypto ATM operators running General Bytes machines to temporarily halt operations nationwide.

Attack Details

According to the official security bulletin, the attacker uploaded a custom Java application using the master service interface—a feature normally used by terminals to upload videos. This granted the hacker full BATM user privileges, allowing access to the database, decryption of API keys used to access hot wallets and exchanges, downloading of usernames and password hashes, and disabling of two-factor authentication (2FA). The attacker then initiated withdrawals from hot wallets belonging to approximately 15 to 20 ATM operators across the country. On-chain data shows that the primary Bitcoin address holding the 56.28 BTC has remained dormant since the last transaction at 3:20 a.m. on March 18, while some funds were moved to other addresses and a portion was sent to Uniswap, a decentralized exchange.

Impact and Response

A U.S.-based crypto ATM operator who spoke with Bitcoin.com News confirmed that all operators using General Bytes machines were forced to shut down servers for the evening. The operator noted that servers would need to be rebuilt from scratch — a lengthy process. General Bytes announced it is discontinuing its cloud service (CAS) and transitioning ATM operators to self-hosted servers. The company stated that multiple security audits had been conducted since 2021, but none identified the vulnerability exploited in this attack. Interestingly, one operator reported that its full node setup, which was “locked down enough,” prevented the attacker from accessing funds despite the system being compromised.

Historical Incidents

This is not the first security issue for General Bytes. In August 2022, the company was hit by a zero-day attack that allowed remote creation of an admin user via the CAS administrative interface. That vulnerability was patched promptly. In the current incident, General Bytes has released the attacker's Bitcoin address (still holding 56.28 BTC) and three IP addresses used during the breach. The company urged all customers to read the security bulletin and take immediate action to protect their funds and personal information.

The hack highlights persistent vulnerabilities in the crypto ATM industry. With over 9,505 machines deployed globally — the majority in the U.S. — General Bytes is a backbone of the physical crypto infrastructure. The incident not only disrupted operators but also sparked discussions about hot wallet security, the risks of cloud-based management, and the need for more rigorous third-party audits. As the investigation continues, operators are advised to move to self-hosted servers and implement additional layers of protection for their master service interfaces.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
300

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.