Bitcoin ATM manufacturer General Bytes said a hacker was able to remotely upload and run a Java application through its terminals' master service interface, gaining access to user information and the ability to send funds from hot wallets.
Bitcoin ATM maker General Bytes has shut down its cloud service after discovering what it described as a security incident that allowed attackers to access customers' hot wallets and obtain sensitive information such as passwords and private keys.
The Prague-based company has sold more than 15,000 Bitcoin ATMs to customers in more than 149 countries, according to its website.
In a patch release notice published on March 18, the ATM manufacturer warned that a hacker had been able to remotely upload and run a Java application through the master service interface, which terminals use to upload videos, in order to steal customer information and send funds from hot wallets.
Karel Kyovsky, founder of General Bytes, explained in the notice that this gave the hacker the ability to:
- "Access the database.
- Read and decrypt the API keys used to access funds in hot wallets and exchanges.
- Send funds from hot wallets.
- Download user names and their password hashes and turn off 2FA.
- Access terminal event logs and scan for any instance where customers scanned a private key at the ATM. Older versions of the ATM software logged this information."
According to the notice, both General Bytes' cloud service and standalone servers run by other operators were breached.
"Several security audits have been completed since 2021, but none of them identified this vulnerability," Kyovsky said.
Hot wallets drained
Although the company stressed that the hacker was able to "send funds from hot wallets", it did not disclose how much was stolen in the breach.
However, General Bytes published the addresses of 41 wallets used in the attack. On-chain data shows that one of these wallets received multiple transactions totaling 56 BTC, worth more than $1.54 million at current prices.
Another wallet showed several ETH transactions and received a total of 21.82 ETH, worth about $36,000 at current prices.
Cointelegraph contacted General Bytes for comment but had not received a response at the time of publication.
The company has urged Bitcoin ATM operators to deploy their own standalone servers and has released two patches for its Crypto Application Server (CAS), the server software that manages the ATMs.
"Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN," Kyovsky wrote.
"Additionally, consider all your users' passwords and your API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys and passwords."
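A minimal host firewall that implements the advice above, written here as an added example rather than General Bytes' own configuration: the only service reachable on the public interface is the VPN endpoint, and the CAS ports are accepted only when the packet arrives over the VPN tunnel. The public interface name eth0, the WireGuard interface wg0 and its UDP port 51820, and the CAS listening ports 443 and 7777 are assumptions chosen for illustration; substitute whatever your CAS actually listens on.

```nft
# Added example (not General Bytes' configuration). Assumptions: public NIC is
# eth0, WireGuard tunnel is wg0 on UDP 51820, CAS listens on TCP 443 and 7777.
table inet cas_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # drop malformed connection state, keep replies to connections this host opened
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept

        # the VPN endpoint is the only service exposed on the public interface
        iifname "eth0" udp dport 51820 accept

        # CAS (admin UI and terminal API) and SSH only when arriving over the tunnel
        iifname "wg0" tcp dport { 443, 7777 } accept
        iifname "wg0" tcp dport 22 accept

        # ICMP for path MTU discovery and basic diagnostics
        meta l4proto { icmp, ipv6-icmp } accept

        # everything else, including CAS ports hit from eth0, falls to the drop policy
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

Load it with nft -f and verify from a host outside the VPN that the CAS ports are unreachable while a terminal on the tunnel can still connect. The credential rotation in the quote above still has to be done separately: a firewall does nothing about API keys and password hashes that were already read out of the database.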
In September last year, General Bytes' servers were compromised through a zero-day attack that allowed hackers to make themselves the default admin and change settings so that all funds would be transferred to their own wallet address.