Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes
Kraken has urged BATMTwo ATM owners and operators to change the admin QR code for their ATMs to avoid potential attacks. Kraken Security Labs has said that a “large number” of Bitcoin ATMs are vulnerable to hacking as the administrators never changed the default admin QR code. In a Sept. 29 blog post, Kraken posted research from its Security Labs team which found that there are “multiple hardware and software vulnerabilities” in the General Bytes BATMTwo ATM range. “Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM....
Related News
Bitcoin ATMs are becoming a popular fixture in major cities around the world. With the growth of bitcoin has come an increase in installations of automated teller machines where people can purchase bitcoin on the go. There are currently at least 26,000 bitcoin ATMs installed around the world. But the vast majority of these ATMs […]
Seattle and Austin will soon become the first US cities with bitcoin ATMs, provided everything goes according to plan. The machines are coming from ATM manufacturer Robocoin and the company claims they will be installed by the end of the month, Reuters reports. Robocoin ATMs are more elaborate than their Lamassu counterparts. They are cash-only machines and they have a few additional security features, such as biometric and optical scanners. In theory, this should allow much higher levels of security than regular ATMs. The barcode scanner can be used to scan QR codes and transfer bitcoins....
The hack meant that all crypto going into the Bitcoin ATM would instead be siphoned off by the hackers. Bitcoin ATM manufacturer General Bytes had its servers compromised via a zero-day attack on Aug. 18, which enabled the hackers to make themselves the default admins and modify settings so that all funds would be transferred to their wallet address. The amount of funds stolen and the number of ATMs compromised have not been disclosed, but the company has urgently advised ATM operators to update their software. The hack was confirmed by General Bytes on Aug. 18, which owns and operates 8827....
It appears that the leaked private key caused a change of ownership in the compromised smart contract 70 days prior. According to a new post by blockchain security firm SlowMist on Nov. 7, it appears that last week’s token exploit affecting GameFi project Gala Games resulted from a public leak of applicable security keys on GitHub. As told by SlowMist, pNetwork, the cross-chain interoperability bridge used by Gala Games on the BNB Smart Chain, had three privileged roles in its smart contract pGALA. “The Admin role is used to manage upgrades and changes to the Admin address of the proxy....
Reusable payment codes, which can be used in place of bitcoin addresses to give transactions more privacy, just got more useful. Now there is a directory for payment codes, beta-launched last week by the Samourai Wallet developers. What is a Payment Code? The invention of the highly private bitcoin payment codes for Hierarchical Deterministic (HD)....