{"id":346223,"date":"2021-09-30T06:45:03","date_gmt":"2021-09-30T03:45:03","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/vulnerable-kraken-reveals-many-us-bitcoin-atms-still-use-default-admin-qr-codes\/"},"modified":"2021-09-30T06:45:03","modified_gmt":"2021-09-30T03:45:03","slug":"vulnerable-kraken-reveals-many-us-bitcoin-atms-still-use-default-admin-qr-codes","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/vulnerable-kraken-reveals-many-us-bitcoin-atms-still-use-default-admin-qr-codes\/","title":{"rendered":"# Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes"},"content":{"rendered":"<p>&#8220;<strong># Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDkvNDYzN2QyYzItOTUyNy00MjE0LWFjNjMtODIyNTlkM2RjMGI2LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Kraken Security Labs has said that a \u201clarge number\u201d of Bitcoin ATMs are vulnerable to hacking as the administrators never changed the default admin QR code. <\/p>\n<p>In a Sept. 29 blog post, Kraken posted research from its Security Labs team which found that there are \u201cmultiple hardware and software vulnerabilities\u201d in the General Bytes BATMTwo ATM range. <\/p>\n<p>\u201cMultiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine,\u201d the post read. <\/p>\n<p>Kraken\u2019s security team stated that if a hacker gets their hands on the administrative code, they can essentially \u201cwalk up to an ATM and compromise it,\u201d while also highlighting issues with the BATMTwo\u2019s lack of secure boot mechanisms, as well as \u201ccritical vulnerabilities\u201d in the ATM\u2019s management system. 
However, General Bytes has reportedly already alerted ATM owners to the vulnerabilities:<\/p>\n<blockquote><p>\u201cKraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions.\u201d<\/p><\/blockquote>\n<p>The team also found that it was able to gain full access to the Android operating system behind the BATMTwo ATM by simply attaching a USB keyboard to the machine, and warned that \u201canyone\u201d could \u201cinstall applications, copy files or conduct other malicious activities.\u201d <\/p>\n<p>General Bytes is headquartered in the Czech Republic and, according to Coin ATM Radar, there are currently 6391 General Bytes ATMs <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/coinatmradar.com\/manufacturer\/5\/general-bytes-bitcoin-atm-producer\/\">installed<\/a> worldwide, which represents 22.7% of the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/coinatmradar.com\/charts\/manufacturer-share\/\">global market<\/a>. However, those figures also account for BATMThree machines, which weren\u2019t reported on by Kraken. <\/p>\n<p>The majority of the BATM ATMs are located in the U.S. and Canada, with a combined figure of around 5300, while Europe has around 824 ATMs installed. <\/p>\n<p>Kraken is calling on BATMTwo owners and operators to change the default QR admin code, update the CAS server and place the ATMs in locations visible to security cameras. 
<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bitcoin_ATM_scams\"><\/span>Bitcoin ATM scams<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>While reports of hacked Bitcoin ATMs appear to be minimal, there is a history of crafty individuals building scams around crypto ATMs.<\/p>\n<p>In March of 2019, the Toronto Police issued a public <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/news\/double-spenders-scam-150000-bitcoin\">statement<\/a> calling on the community to locate four men suspected of carrying out a series of \u201cdouble-spending\u201d transactions that fetched $150,000 worth of funds over a 10-day window. Double spending consists of canceling transactions before the ATM has had a chance to confirm them, while keeping the dispensed cash. <\/p>\n<p>The Oakland Press <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theoaklandpress.com\/2021\/06\/22\/phone-scam-alert-after-2-berkley-women-lose-total-of-15k-2\/\">reported<\/a> on June 22 of this year that two women from Berkley were scammed out of a combined $15,000 after fraudsters posed as public safety officers and federal employees. The scammers reportedly told the victims that they had outstanding warrants and tax violations, and ordered them to pay fines via local Bitcoin ATMs in the area. 
<\/p>\n<p>And Malwarebytes <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.malwarebytes.com\/scams\/2021\/08\/if-a-qr-code-leads-you-to-a-bitcoin-atm-at-a-gas-station-its-a-scam\/\">posted<\/a> research in August which uncovered a trend of gas station Bitcoin ATM scams in which threat actors would post fake job listings to dupe applicants into money laundering. <\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/vulnerable-kraken-reveals-many-us-bitcoin-atms-still-use-default-admin-qr-codes\" target=\"_blank\" 
rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes &#8221; Kraken Security Labs has said that a \u201clarge number\u201d of Bitcoin ATMs are vulnerable to hacking as the administrators never changed the default admin QR code. In a Sept. 29 blog post, Kraken posted research from its Security Labs team&#8230;<\/p>\n","protected":false},"author":1,"featured_media":346224,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDkvNDYzN2QyYzItOTUyNy00MjE0LWFjNjMtODIyNTlkM2RjMGI2LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[75023,74882,75540,70719,117,70944,71101],"class_list":["post-346223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-bitcoin-scams","tag-hacks","tag-kraken","tag-atm","tag-business","tag-hackers","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/346223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=346223"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/346223\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/346224"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=346223"}],"wp:term":[{"taxonomy":"category
","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=346223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=346223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}