Kraken exchange exposes Bitcoin (BTC) ATM vulnerabilities
Kraken Security Labs, the cybersecurity arm of Kraken crypto exchange, has pointed out several vulnerabilities in the widely used Bitcoin General Bytes BATMtwo ATMs. According to developers, the vulnerability of the ATM system may allow fraudsters easy access to it. The statement appeared on Kraken’s blog on 29th September.
Kraken analysts have identified several vulnerabilities of popular crypto ATMs at both the software and hardware levels. According to Kraken’s blog, the devices in question are General Bytes ATMs. Kraken’s team mentioned that General Bytes have released new patches to their backend system (CAS) and notified their customers, but “full fixes for some of the issues may still require hardware revisions”. Kraken also pointed out some problems in the Android operating software. By connecting a USB keyboard to a BATM, you can get full access to user interface. This allows potential attackers to install applications, copy files, and even receive private keys.
BATM vulnerabilities overview
Multiple ATMs being configured with one default admin QR code is yet another BATMs’ vulnerability according to Kraken.
“Our team found that a large number of ATMs are configured with the same default admin QR code, allowing anyone with this QR code to walk up to an ATM and compromise it.”
Kraken has listed a number of tips for users and operators of Bitcoin ATMs. For instance, users are advised to only use ATMs located in places with surveillance cameras. For BATM owners and operators, Kraken suggests changing the admin code, placing the ATM in a location with security controls, as well as following General Bytes’ “best practices”.
General Bytes currently occupies about 30% of the crypto banking market. Most of the BATM ATMs are located in the USA and Canada (around 5,300 devices), with about 824 ATMs installed in Europe. According to analysts, rectifying the aforementioned shortcomings will help preserve many BATM users’ assets.
Earlier this week, Kraken was fined $1.25 million (£926,841) for facilitating margined retail commodity transactions in digital assets to US customers. Representatives of the crypto exchange have neither acknowledged nor refuted the accusations.
Recevez un condensé de l’actualité dans le monde des cryptomonnaies en vous abonnant à notre nouveau service dequotidienne et hebdomadaire pour ne rien manquer de l’essentiel Cointribune !
Trends are temporary. The blockchain isn’t a trend; it’s the future. I want to help as many people as possible understand it in a simple, clear and interesting way.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.