Kraken exchange exposes Bitcoin (BTC) ATM vulnerabilities

Thu 30 Sep 2021 ▪ 17h05 ▪ 3 min read — by James Taylor

Kraken Security Labs, the cybersecurity arm of the Kraken crypto exchange, has pointed out several vulnerabilities in the widely used General Bytes BATMtwo Bitcoin ATMs. According to the researchers, the vulnerabilities in the ATM system may give fraudsters easy access to it. The statement appeared on Kraken’s blog on 29th September.

Kraken’s research

Kraken analysts have identified several vulnerabilities in popular crypto ATMs at both the software and hardware levels. According to Kraken’s blog, the devices in question are General Bytes ATMs. Kraken’s team mentioned that General Bytes has released new patches to its backend system (CAS) and notified its customers, but “full fixes for some of the issues may still require hardware revisions”. Kraken also pointed out some problems in the Android operating system software: by connecting a USB keyboard to a BATM, an attacker can get full access to the user interface. This allows potential attackers to install applications, copy files, and even obtain private keys.

BATM vulnerabilities overview

Multiple ATMs being configured with the same default admin QR code is yet another BATM vulnerability, according to Kraken.

“Our team found that a large number of ATMs are configured with the same default admin QR code, allowing anyone with this QR code to walk up to an ATM and compromise it.”

Kraken’s tips

Kraken has listed a number of tips for users and operators of Bitcoin ATMs. For instance, users are advised to only use ATMs located in places with surveillance cameras. For BATM owners and operators, Kraken suggests changing the default admin code, placing the ATM in a location with security controls, and following General Bytes’ “best practices”.

General Bytes currently holds about 30% of the crypto banking market. Most General Bytes ATMs are located in the USA and Canada (around 5,300 devices), with about 824 ATMs installed in Europe. According to analysts, rectifying the aforementioned shortcomings will help preserve many BATM users’ assets.

Earlier this week, Kraken was fined $1.25 million (£926,841) for facilitating margined retail commodity transactions in digital assets to US customers. Representatives of the crypto exchange have neither acknowledged nor refuted the accusations. 


James Taylor

Trends are temporary. The blockchain isn’t a trend; it’s the future. I want to help as many people as possible understand it in a simple, clear and interesting way.

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.
