Crypto ATM manufacturer General Bytes has reported that its cloud platform has been hacked. The hackers installed malware on devices and gained access to users’ assets, stealing over $1.5 million.

In a bulletin published by General Bytes, it is said that thanks to the vulnerability, attackers can remotely download Java applications to the company’s ATMs. With their help, hackers can access user information and input data, as well as steal cryptocurrencies from hot wallets. The company has suspended its cloud service, but ATMs connected to third-party servers also remain vulnerable.

“Hackers can access the database. They can read and decrypt API keys used to access funds on hot wallets and exchanges, withdraw assets from them. They also have access to usernames, can download their password hashes and disable two-factor authentication,” said General Bytes founder Karel Kyovsky.

The company published a list of 41 wallet addresses to which hackers transferred funds. Most of all, they withdrew bitcoins – 56 BTC are stored on the wallet, which is over $1.54 million. In addition, the attackers were able to steal almost 22 ETH.

This is not the first time that General Bytes ATMs have been hacked. Last August, the company reported that its crypto application server had been hacked. At the same time, as stated on the company’s website, it has released more than 15,000 cryptomats, which are used by companies from 149 countries.