Kraken Reveals Vulnerabilities in ‘Commonly Used’ Bitcoin ATMs
Kraken’s Security Labs, the cybersecurity arm of crypto exchange Kraken, has identified several vulnerabilities in the commonly used General Bytes BATMtwo Bitcoin ATM. “Our team found that a large number of ATMs are conf...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Kraken’s Security Labs, the cybersecurity arm of crypto exchange Kraken, has identified several vulnerabilities in the commonly used General Bytes BATMtwo Bitcoin ATM.
“Our team found that a large number of ATMs are configured with the same default admin QR code, allowing anyone with this QR code to walk up to an ATM and compromise it,” the Kraken Security Labs team wrote in a blog post disclosing the vulnerabilities.
“Our team also found a lack of secure boot mechanisms, as well as critical vulnerabilities in the ATM management system,” Kraken added.
Kraken’s discoveries have both hardware and software ramifications for the General Bytes machines.
The detailsAccording to Kraken, the General Bytes BATMtwo ATM only has one single compartment protected by a lock.
Bitcoin ATMs are a convenient way to purchase crypto - but are they safe?
Kraken Security Labs discovered flaws in one major ATM fleet. Learn more: https://t.co/sYmYY1PUMx pic.twitter.com/xwMmWcgmSY
— Kraken Exchange (@krakenfx) September 29, 2021
“Bypassing it provides direct access to the full internals of the device,” Kraken said, adding that an attacker could “compromise the cash box, embedded computer, webcam and fingerprint reader.”
When it comes to software, Kraken found that “many common security features were lacking.”
By attaching a USB keyboard to the BATMtwo, it was possible to gain full access to the user interface. This, in theory, would allow would-be-attackers to install applications, copy files, or even have the device send private keys to the attacker.
Improving securityKraken provided a series of remedies for both users and owners or operators of Bitcoin ATMs.
Should you wish to use a Bitcoin ATM, Kraken advises that you only use those which are in stores you trust, and ensure that it has “perimeter protections” like surveillance cameras.
For owners and operators of General Bytes’ Bitcoin ATMs, Kraken suggests changing the default QR admin code, placing it in a location where there are security controls, and following General Bytes’ “best practices.”
Why this matters
This bitcoin story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on DecryptRelated market context
Crypto hacks hit a record count but the biggest threat isn’t smart contracts
Crypto hack counts just set a record. The warning in TRM Labs' latest data is where the money is actually being lost. In its H1 20...
FIFA’s 2026 World Cup schedule shake-up draws fire from Mexico coach as crypto partner Kraken watches from the sidelines
FIFA's schedule changes could disrupt team preparations, impacting performance, while Kraken's involvement highlights crypto's spo...
Kraken’s FIFA World Cup sponsorship gets a spotlight moment as Brazil’s dramatic exit captivates global audience
Kraken's FIFA partnership may boost crypto adoption but faces regulatory scrutiny, highlighting evolving acceptance and challenges...
England names starting XI for World Cup Round of 16 vs. Mexico as Kraken makes historic FIFA crypto partnership debut
Kraken's FIFA partnership highlights crypto's growing influence in global sports, potentially reshaping fan engagement and investm...
Kraken’s FIFA deal gets a dramatic stress test as Norway stuns Brazil in the 97th minute
Kraken's FIFA sponsorship highlights the potential for increased visibility and user growth, but sustained impact on trading volum...
FIFA’s 2026 World Cup gets its crypto moment as fan tokens surge and Kraken enters the pitch
The 2026 World Cup's crypto integration signals a shift towards mainstream adoption, potentially reshaping digital asset markets a...