Kraken Unveils Security Flaws in Large Number of U.S. Bitcoin ATMs

Bitcoin ATMs are increasingly popular in major cities around the world. With the growth of bitcoin, there has been an increase in ATM facilities where people can buy bitcoin on the go. There are currently at least 26,000 bitcoin ATMs installed in the world, but the vast majority of them (over 80%) are located in the United States. This is due to the high rate of technology adoption in the country.
As Bitcoin ATMs became a more accepted form of purchasing, Kraken Security Labs decided to investigate the security of these machines. Its investigation led to the discovery of alarming vulnerabilities in some of the crypto ATMs currently deployed around the world. Specifically, General Bytes bitcoin ATMs have a security vulnerability that could be exploited by anyone with access to the administrator code.
Different ATMs, one code
Kraken Security Labs discovered that the General Bytes BATMtwo ATM (GBBATM2), which is one of the most widely used crypto ATMs, had a number of attack vectors in its admin QR code. This code is given to ATM owners upon purchase to configure their machines. The default administrative QR code is then scanned on the machine and a password must be set on each ATM through the backend system.
Upon inspecting various used ATMs that the Kraken Security Labs team had purchased, they discovered that none of these ATMs had a password configured and therefore still used the default administrative code sent with the ATMs. This would not be a problem on its own. But the lab found that the same admin QR code was set for all General Bytes bitcoin ATMs. This would allow anyone with access to the administrative QR key to compromise any ATM whose default code has not been changed to a unique password.
Kraken Security Labs said it informed the General Bytes team of the vulnerability in April, when it first discovered it, and several fixes were released for the backend system (CAS). But comprehensive fixes had not yet been implemented because they would require “hardware revisions.”
Protect your Bitcoin
Because the complete fixes for these vulnerabilities have yet to be released, Kraken Security Labs has warned the public to be very careful when transacting at bitcoin ATMs. Users are advised to ensure that the machines they are using are trusted machines. Additionally, users should be very aware of their surroundings and look for ATMs covered by surveillance cameras, where no one can access the machine undetected.
Additionally, investors are advised to avoid using these ATMs when possible due to these vulnerabilities, as the findings of Kraken Security Labs show that these machines can be exploited at both the hardware and software level.