Kraken Reveals Security Vulnerabilities in Bitcoin ATMs

The machines’ manufacturer has released patches to mend the problem, but more revisions may be needed.

AccessTimeIconSep 30, 2021 at 3:34 p.m. UTC
Updated May 11, 2023 at 5:19 p.m. UTC

A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.

  • The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
  • Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
  • The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, including a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Eliza Gkritsi

Eliza Gkritsi is a CoinDesk contributor focused on the intersection of crypto and AI.