Wasn't their platform audited before they started business? ATM software in particular is more in need of it than others since their client versions often stay put.
Before they started business, I'm not sure, although I wondered why General Bytes mentioned a number of audits conducted since 2020 when it has been in operation for years before that. Accordingly, however, "General Bytes products regularly undergo security audits at a minimum once a year." [1]
Whether once a year at a minimum is enough, apparently not. Moreover, despite several audits conducted over the years, this vulnerability wasn't detected. Which makes me curious how serious or comprehensive their security audits are.
[1] https://www.generalbytes.com/en/news/kraken-findings
I don't quite understand how these kinds of hacks happen. Probably because the Bitcoins are held in a web wallet instead of a hardware wallet, I understand. I imagine this automates the process instead of someone having to physically handle the hardware wallet to send Bitcoins when someone pays with cash to buy Bitcoin or create a payment address when someone wants to sell.
It's certainly impractical to manually operate ATMs. Anyway, it seems that in this particular hack, it's the deposited coins that are targeted. So it's probably the sellers and not the buyers that are falling victim.
~snip~
This is probably the case. Losses will probably be on the operator's end rather than on the end users' or the manufacturer's.
Saw this already made by another member. The mastering of Bitcoin ATMs hasn't yet been completed and hackers know this. I can only imagine how many trials are going on from hackers just to infiltrate Bitcoin ATMs across the world. This leads me to wonder right now after this incident:
# who takes the blame
# what happens to the customers' funds
# would there be refunds
# what measures would be taken to prevent this from happening in future
Everything would be clear as soon as the dust settles down. However, it seems General Bytes is more liable to the operators and the operators to the end users, so we'll see whether there will be a refund and where it will be coming from.
Thanks for the heads up! Will be locking this thread now as this is apparently a duplicate. Again, many thanks!
~snip~
~snip~
A similar thread was opened earlier by DdmrDdmr on this same topic.
https://bitcointalk.org/index.php?topic=5410704.msg60795600#msg60795600