One of the largest cryptocurrency exchanges Kraken has identified confirmed vulnerabilities in US Bitcoin ATMs. The exchange’s security wing has revealed that there are many Bitcoin ATMs operational in the US that is still using the default admin QR code. The exchange pointed out that these need to be reset as the default QR codes could be susceptible to hacks.
Kraken published a blog post in which it shared the information on behalf of its Security Labs team. It alleged that there are many different hardware and software vulnerabilities” in the Bitcoin ATMs across the country putting users at tremendous risk.
“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine,” Kraken said in the blog post.
It also said that once a hacker gets access to the administrative code they can easily compromise the security of any Bitcoin ATM. The problem is particularly with General Bytes Bitcoin ATMs and the company has said that they have already notified the concerned persons about these vulnerabilities.
“Kraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions,” General Bytes said in a statement.
Security lapses and loss of funds are not uncommon with cryptocurrencies. Hackers are highly active and will exploit users at the slightest opportunity. While Kraken alerting users is commendable we expect that the measures have already been taken to avoid such unwanted risks.