Kraken discovers Bitcoin ATMs can be easily hacked


Despite the fact that Bitcoin ATMs make it easy for people to buy bitcoins, Kraken Security Labs says that convenience might often come at the expense of security.

According to Kraken, the General Bytes BATMtwo (GBBATM2) cryptocurrency ATM has various hardware and software vulnerabilities.

The default administrative QR code, the Android software the machine runs, the ATM management system, and even the machine's physical enclosure were all found to be attack vectors.

Kraken's team noticed that many ATMs use the same default admin QR code, allowing anyone with the code to walk up to an ATM and compromise it.

Now, Kraken Security Labs wants to raise user awareness of potential security holes and warn ATM manufacturers so that they can rectify the issues.

On April 20, 2021, Kraken Security Labs notified General Bytes of all flaws and suspicions. General Bytes released patches to its backend system (CAS) and notified its customers, but full remedies for some of the issues may still require hardware upgrades.

Never allow anyone to lead you to a Bitcoin ATM. Scams involving Bitcoin ATMs are rather common these days. Two women in Berkeley, California, lost a total of $15,000 in July of this year.

Both women received a phone call from someone pretending to be a city public safety officer, who told them there were warrants for their arrest for major offences such as tax evasion and money laundering.

The two women were then told to stay on the phone, go to the bank, withdraw all of their money, and transfer it to Bitcoin ATMs.

In one case, the victim gave the fraudsters $10,000, while in the other, the victim gave the fraudsters $5,000.

Criminals affixed a printed note to a Bitcoin ATM in Winnipeg, Canada, saying that the machine was undergoing maintenance until a new software upgrade was deployed.

Consumers were instructed to send the coins they purchased to a QR code printed on the note rather than to their personal wallets. Any user who sent cryptocurrency to the address linked to that QR code would lose it.

Police discovered posters on two of Winnipeg's 20 Bitcoin ATMs, but no victims came forward. The biggest issue is that tracing the money is extremely difficult.

Malwarebytes, an internet security firm, has cautioned about a new trend of fuel station Bitcoin ATM frauds, in which threat actors post bogus job advertisements in order to lure candidates into money laundering.

“If you're working with QR codes in public, on ads or posters, make sure they haven't been tampered with (look for stickers with a new QR code placed over an original),” the firm advised. “And if somebody tries to steer you in the direction of a Bitcoin ATM, run the other way.”