Inside Job Theft Cripples Bitheus’ BitXatm Network
A post from Bitheus’ blog, a German-based Bitcoin ATM company, they announced that they had been sabotaged by an employee over an extended period of time. At the time of the announcement on September 21, at least 18 out of more than 30 of the BitXatm Bitcoin ATM’s, also known as Bitcoin Teller Machines (BTM’s), were affected, with no recourse offered for operators as of yet.
As their internal investigation and collaboration with police authorities evolved, Bitheus released information about the nature of the attacks and some general ideas of where they would be heading with their continued investigation as well as their operations with existing customers. However, for the past two weeks, there have been no public updates from the company on their blog.
The described sabotage seemed to have been executed by an internal employee and was allegedly instigated by customers within the Bitheus Bitxatm network. The breach was reported within machines which were not of the latest generation of software that Bitheus offered according to the post.
John Saeyong Ra, General Manager of Bitcoin Center Korea and owner-operator of a Bitheus BitXatm BTM, stated via email that there had been little communication from Bitheus since the network initially went down.
“I first saw the problem on September 20 and I thought it was just a DDoS attack. But then it went on for more than week. So I wrote to support and eventually learned that it was an insider hack. They temporarily put our BTM on their private network but everything was wiped out, including the bitcoin balance. They are not responding about it at all. I wrote emails a number of times but I have received no response.”
At the time of writing, it is unclear how many Bitheus BitXatm owner operators were affected by this attack and to what extent. At least one other BitXatm located in Yokosuka, Japan is still down and has not been updated by the operating company. Several other locations have been reached out to for comment by have not yet responded.
Other BTM providers have reached out to the general masses of BTM owner operators with offers of help.
At the time of the last blog post by Bitheus they stated that they would be moving to an open-source platform in an undetermined amount of time and called for their customers and network to participate in building the aforementioned network. Despite there being a variety of Bitheus BitXatm “Sumo” BTM’s on the market, it is unclear which models are going to have default security and encryption described in the blog post.
As the Bitcoin Center Korea BTM is now running on the private network, it is still unclear to Mr. Saeyong Ra about when or how the missing Bitcoin will be addressed. Bitheus has stated that they are close to having an arrest made in the investigation, however, there have been no updates to the blog posts since then. There has also been no mention of progress on the BitXatm Twitter page either at the time of writing.
Bitheus has not yet responded to requests for comment via email.