Home
News
- The default administrative QR code, Android operating software, the ATM management system, and even the machine’s physical enclosure were all discovered to be attack vectors
- if a hacker obtains the administration code, they can go up to an ATM and compromise it
- The con artists allegedly told the victims that they had outstanding warrants and tax violations
According to Kraken Security Labs, a significant number of Bitcoin ATMs are vulnerable to hacking because the default admin QR code was never altered.
Kraken published research from its Security Labs team in a blog post on September 29 that revealed multiple hardware and software vulnerabilities in the General Bytes BATMTwo ATM line. The default administrative QR code, Android operating software, the ATM management system, and even the machine’s physical enclosure were all discovered to be attack vectors, according to the post.
According to Kraken’s security team, if a hacker obtains the administration code, they can go up to an ATM and compromise it, as well as difficulties with the BAT two’s lack of secure boot procedures and major vulnerabilities in the ATM’s management system. General Bytes, on the other hand, is said to have already notified ATM owners of the flaws.
On April 20, 2021, Kraken Security Labs notified General Bytes of the vulnerabilities, and they issued patches to their backend system (CAS) and notified their customers, however full remedies for some of the flaws may still require hardware revisions.
The team also discovered that by just connecting a USB keyboard to the BATMTwo ATM, it was able to acquire full access to the Android operating system, and warned that anyone might install software, copy files, or conduct other nefarious activities.
General Bytes is based in the Czech Republic. The company has 6391 ATMs installed around the world, accounting for 22.7 percent of the total market. However, those data include BATMThree machines, which Kraken did not report on.
The bulk of BATM ATMs are located in the United States and Canada, with a total of over 5300 deployed, while Europe has around 824 ATMs.
The owners and operators of BATMTwo are being urged to modify the default QR admin code, update the CAS server, and locate the ATMs in visible areas for security cameras, according to Kraken.
Bitcoin ATMs are on rise
While there have been few incidents of hacked Bitcoin ATMs, there is a history of cunning individuals concocting frauds around crypto ATMs.
In March of this year, the Toronto Police Service released a public statement asking for help in locating four males suspected of carrying out a series of double-spending transactions totaling $150,000 over a 10-day period. Double spending occurs when a transaction is cancelled before the ATM has had a chance to confirm it, but the dispensed cash is kept.
On June 22 of this year, the Oakland Press reported that two ladies from Berkley were duped out of a total of $15,000 by fraudsters posing as public safety officers and government officials. The con artists allegedly told the victims that they had outstanding warrants and tax violations, and that they needed to pay fines using local Bitcoin ATMs.
In August, Malwarebytes published data revealing a trend of gas station Bitcoin ATM frauds in which threat actors created false job advertising to lure candidates into money laundering.
Steve Anderson is an Australian crypto enthusiast. He is a specialist in management and trading for over 5 years. Steve has worked as a crypto trader, he loves learning about decentralisation, understanding the true potential of the blockchain.
