Cryptocurrencies

Kraken discovers Bitcoin ATMs can be easily hacked

Even though Bitcoin ATMs offer a convenient way for consumers to purchase cryptocurrencies, Kraken Security Labs claims that ease of use can sometimes come at the expense of security.

Kraken uncovered multiple hardware and software vulnerabilities in a commonly used cryptocurrency ATM: The General Bytes BATMtwo (GBBATM2).

Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine.

Kraken’s crew discovered that numerous ATMs are built on the same default admin QR code, whicha llows anyone with this QR code to walk up to an ATM and jeopardise it.

Most of the BATM ATMs are located in the United States and Canada, with a combined figure tallying in at around 5,300, while Europe has around 824 ATMs installed.

Now Kraken Security Labs wants to create awareness for users around potential security flaws and alert the ATM producers so they can fix these problems.

Kraken Security Labs reported all problems and suspicions to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions.

Never let anyone steer you towards Bitcoin ATM

Bitcoin ATM scams happen pretty often nowadays. In July this year, in Berkeley, California, two women lost a total of $15,000.

Both women received a phone call from a person claiming to be a public safety officer in the city and were told that they had arrest warrants out for them on serious charges including tax evasion and money laundering.

The two women were then instructed to stay on the phone, go to the bank, take all the money from their bank accounts and transfer it via Bitcoin ATMs.

In one case, the victim transferred 10,000 dollars to the fraudsters, whereas in the other case, 5,000 dollars were transferred.

In Winnipeg, Canada, when criminals tacked up a printed notice to a Bitcoin ATM, claiming that the machine was undergoing maintenance while a new software upgrade was being installed.

As a result, users were advised to deposit the coins they bought not in their own wallets, but rather use a QR code provided on the paper. Of course, if any user sends the crypto to that account associated with the QR code, he loses Bitcoin.

Of Winnipeg’s 20 Bitcoin ATMs, police found posters on two of them, but no victims came forward. The main problem is that it is really difficult to trace the money.

Internet security company Malwarebytes warned about a new trend of petrol station Bitcoin ATM scams in which threat actors would post fake jobs listings to dupe applicants into money laundering.

The company warned: “If you’re dealing with QR codes in public, on ads or posters, check that they haven’t been tampered with (look for stickers with a new QR code placed over an original). And if anyone tries to steer you towards a Bitcoin ATM, move swiftly in the opposite direction.”

Teuta Franjkovic

Starting out as a staff writer with Cosmopolitan, Teuta has risen through the ranks of business journalism, editing daily newspapers and websites in the IT and economics industries. With a passion for creating opportunities and bringing people together, Teuta turned her attention to the world of crypto and blockchain. She holds a double MA in Public Politics and Entrepreneurship.

Disqus Comments Loading...

Recent Posts

Here is why Bitcoin is still a lucrative investment in 2024

Those who enter the market at this time may be surprised to hear that Bitcoin…

4 weeks ago

Zircuit Launches ZRC Token: Pioneering the Next Era of Decentralized Finance

George Town, Grand Cayman, 22nd November 2024, Chainwire

1 month ago

The surge of Bitcoin NFTs: Everything you should know about Bitcoin ordinals

From digital art to real-estate assets, NFTs have become a significant attraction for investors who…

2 months ago

MEXC Partners with Aptos to Launch Events Featuring a 1.5 Million USDT Prize Pool

Singapore, Singapore, 21st October 2024, Chainwire

2 months ago