- Leading crypto exchange Kraken released a report warning of insufficient security measures in US Bitcoin ATMs.
- The report especially warned of the GBBATM2 brand, urging the crypto community to use trustable ATMs covered by surveillance cameras.
Bitcoin (BTC) ATMs in the US are vulnerable to hacks due to their poor security systems. This has been concluded in a recent report from Kraken, one of the largest crypto exchanges in the world by daily traded volume.
Notably, Bitcoin ATMs are standalone devices from where members of the public can buy or sell Bitcoin. These kiosks are connected to the Internet, utilizing QR codes to send and receive tokens to users’ digital wallets. Basic machines allow only Bitcoin purchase, while the more complex ones allow both buying and selling of virtual currencies. Kraken Security Labs, however, warns that the ATMs’ server address, applications, and security can easily be tampered with.
As of August 16, 2021, 58 out of the near 200 countries in the world had Bitcoin ATMs, Statista data shows. Out of all these, the US had the largest count of BTC ATMs at 22,235. Canada held second place but with a vast difference, having only 1,776 BTC ATMs. The report reads;
Bitcoin ATMs offer a convenient and friendly way for consumers to purchase cryptocurrencies. That ease of use can sometimes come at the expense of security,
Kraken on challenges facing US Bitcoin ATMs
The report called on high user alert especially when using the ATM brand GBBATM2. Other than the issues plaguing almost every other Bitcoin ATM, these particular ATMs have gross hardware and software faults. The hardware lacked compartmentalization and manufacturers of the brand were not changing the QR code across different ATMs. This downside makes these ATMs easy to unlock, especially since they have no security breach alarms.
Additionally, their Android-based operating systems (OS) allowed anyone to install applications, some of which may be malicious. Attackers can also generate their authentication requests seeing as cross-site forgery protections are non-existent.
The device contains no local or server-side alarm to alert others that the internal components are exposed. At this point, a would-be attacker could compromise the cash box, embedded computer, webcam, and fingerprint reader,
As a security measure, Kraken reported these ATM vulnerabilities to General Bytes in April this year. General Bytes is the largest Bitcoin ATM manufacturer worldwide, with nearly 32 percent of the global market share, Statista shows. The company revamped part of its backend system and alerted customers.
However, Kraken notes that comprehensive revisions are still necessary to resolve pending issues. The exchange also advises on the sole use of credible BTC ATMs. Users should also make sure these ATMs are well protected and have surveillance cameras.
While other Bitcoin ATM users struggle with these security hurdles, protests in El Salvador torched the same ATMs earlier this month. Vandals claimed poor government prioritization when issues such as food insecurity, depressed wages, and water shortage are unaddressed.