A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.
- The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the backend system but some fixes may require hardware revisions, Kraken said.
- Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
- The model in question, the BATMtwo (GBBATM2) had several vulnerabilities, according to Kraken including a default administrative QR code, the underlying Android operating software, the ATM’s management system, and the machine’s hardware case.