Kraken Reveals Security Vulnerabilities in Bitcoin ATMs
The machines’ manufacturer has released patches to mend the problem, but more revisions may be needed.
Updated May 11, 2023 at 5:19 p.m. UTC
A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.
- The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
- Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
- The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, involving a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.