Kraken Reveals Security Vulnerabilities in Bitcoin ATMs

The machines’ manufacturer has released patches to mend the problem, but more revisions may be needed.

Sep 30, 2021 at 6:31 a.m. UTC
Updated Sep 30, 2021 at 3:34 p.m. UTC

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.

  • The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
  • Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
  • The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, involving a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.

