Kraken Security Labs, the cybersecurity department of the Kraken exchange, has revealed multiple hardware and software vulnerabilities in a popular bitcoin ATM, the General Bytes BATMtwo (GBBATM2). According to a blog post, the machine is vulnerable to multiple attacks that require only the default administrative QR code.
The experts say scanning the default QR admin code is all it takes to take over a lot of bitcoin ATMs. The cybersecurity team also found a lack of "secure boot mechanisms." Kraken Security Labs said it found no tamper detection mechanism, which means that unsanctioned access cannot be detected without external perimeter security such as surveillance cameras.
The team of cybersecurity experts advises owners of bitcoin ATMs to change the default QR admin code, update their CAS server and follow General Bytes' best practices. The machine owners should also consider placing the ATMs in locations with security controls.
In January last year, cybersecurity researchers at Kraken Security Labs also discovered a way to extract seeds from wallets such as Trezor One and Trezor Model T within 15 minutes. According to the experts, all a potential hacker needs is physical access to the wallet.