Category: Bitcoin ATMs

Categories
Bitcoin ATMs Crypto News Hackers

Hackers Target Bitcoin ATMs Through Zero-Day Attacks

Adding to recent consumer consternation caused by illiquid crypto exchanges and lenders, hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal funds from customers.

General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow users to purchase or sell more than 40 different cryptocurrencies. However, in recent incidents that have seriously compromised their security, when customers have deposited or purchased cryptocurrency using these ATMs, the funds were instead siphoned off by hackers.

Remote Servers to Blame

The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS) that manages the ATM’s operation, which cryptocurrencies are supported, and executes the purchases and sales of cryptos on exchanges.

According to General Bytes’ security advice, the attacks were conducted using a zero-day vulnerability in its CAS:

The attacker was able to create an admin user remotely via the CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user. This vulnerability has been present in CAS software since version 20201208.

General Bytes security advice

General Bytes believes the hackers scanned the internet for exposed servers running on TCP ports 7777 or 443, including servers hosted at Digital Ocean and General Bytes’ own cloud service.

The hackers then exploited the bug to add a default admin user named ‘gb’ to the CAS, and modified the ‘buy’ and ‘sell’ crypto settings and ‘invalid payment address’ to recognise a crypto wallet under the hackers’ control.

Funds Diverted to Hackers’ Wallet

Once they had modified these settings, any cryptocurrencies received by CAS were forwarded to the hackers instead. “Two-way ATMs started to forward coins to the attackers’ wallet when customers sent coins to the ATM,” according to the security advice.

General Bytes, one of the largest manufacturers of cryptocurrency ATMs with almost 9,000 machines installed all over the world, is warning customers not to operate Bitcoin ATMs until they have applied two server patch releases, 20220531.38 and 20220725.22, on their servers. It has also provided a checklist of steps to perform on the devices before they are put back into service.

Most Exposed Servers Are in Canada

While it remains unclear how many servers were breached using this vulnerability and how much cryptocurrency was stolen, according to information provided by security firm BinaryEdge there are currently 18 General Bytes Crypto Application Servers still exposed to the internet, with the majority located in Canada.

Last year, El Salvador led the adoption of bitcoin in Central and South America by launching 1,000 Bitcoin ATMs across the country for buying and selling BTC. However, less than three months later a bitcoin ATM was burned and defaced with anti-BTC messages as protesters demonstrated resistance towards El Salvador’s pro-crypto President Nayib Bukele.

Categories
Banking Bitcoin Bitcoin ATMs Crypto News

El Salvador’s Bitcoin Wallet Outperforms Banks in Opening Weeks

More than two million El Salvadoreans are already actively using the Bitcoin wallet Chivo, according to the president of the Central American republic.

In just three weeks since bitcoin (BTC) officially became legal tender in El Salvador, roughly one-third of the population is using the wallet.

On legalising BTC, President Nakib Bukele promised locals they could receive US$30 worth of the asset if they downloaded a Chivo wallet. Despite technical issues with the app’s launch, engagement levels show there are now more users than there are bank account holders in El Salvador.

It’s Been a Bumpy Roll-Out

The roll-out of El Salvador’s brave new bitcoin world has not been without its pitfalls. Just over a week after BTC was legalised, protesters set fire to a Chivo ATM machine in the Plaza Gerardo Barrios, located in the nation’s capital city centre. The September 15 pro-democracy demonstration coincided with the bicentenary of El Salvadorean independence.

Three times this month, the government has “bought the dip” as the price of bitcoin fluctuated and it now has an accumulated stash of 700 BTC. The practice has attracted its share of critics, with economist and long-term gold proponent Peter Schiff warning: “Be careful what you wish for. The dip may end up being a much larger plunge than you expect.”

Categories
ATM Bitcoin Bitcoin ATMs Crypto News Regulation

Bitcoin ATM Burned in El Salvador Amid Anti-Government Protests

A bitcoin ATM was burned and defaced with anti-BTC messages that read “democracy is not for sale” as protesters demonstrated resistance towards El Salvador’s pro-crypto President Nayib Bukele.

Protesters destroyed the Chivo machine in the Plaza Gerardo Barrios, located in the nation’s capital city centre. The government has installed 200 BATMs throughout the country as part of the reform to allow bitcoin as legal tender as El Salvador implemented the Central American republic’s Bitcoin Law on September 7.

Thousands of pro-democracy Salvadoreans took to the streets to protest against the government’s acceptance of cryptocurrency. The September 15 demonstration coincided with the bicentenary of El Salvadorean independence.

Protesters marched through the central square in San Salvador holding placards reading “Respect the Constitution” and “No to Bitcoin”, denouncing a perceived dictatorship.

Last month, protesters gathered to oppose the Bitcoin Law outside the capital’s Legislative Assembly Building, claiming the legislation only facilitates money laundering and corruption.

Categories
Bitcoin Bitcoin ATM Bitcoin ATMs Crypto News

Companies Plan Rollout Over 10,000 Bitcoin ATMs to Gas Stations Across the USA

Hudson Yards, NYC

As of January 2021, there are approximately 17,000 bitcoin ATMs worldwide, with this number set to continue increasing as 10,000 more are planned to rollout in the USA this year.

Bitcoin ATMs Are Targeting Gas Stations

According to Coin ATM Radar there are Bitcoin ATMs in every single state except for Alaska and Washington D.C.

Bitcoin ATM Example

Las Vegas-based Coin Cloud has 1,470 machines around the United States and expects to have over 10,000 by year-end, said CEO Chris McAlary.

Another ATM supplier based in Chicago, CoinFlip, apparently increased their ATM count from 420 last year to 1,800 now. CoinFlip CEO Daniel Polotsky also said that during the same time transactions per ATM increased nearly three times.

The demand has been so high that General Bytes, a major Bitcoin ATM manufacturer, temporarily ran out of stock last summer. The company sold 3,000 machines last year, 90% of which went to North America, said founder Karel Kyovsky.

Australia is Lagging Behind In The Bitcoin ATM Game

Australia has around 54 Bitcoin ATMs nationwide, which is considerably less than most other major countries. Most of these are located in Melbourne in shopping centres. Will we see Australia follow the USA’s lead and install Bitcoin ATMs in gas stations such as Coles Express, Caltex, BP and even 7-Eleven?

ATMs Provide Easy Access to Cryptos

One of the major drivers for the increase of these ATMs is the growing sentiment toward Bitcoin (BTC). The average punter may find it easier to use an ATM to buy Bitcoin than buying it online. There is also the added benefit of being able to buy Bitcoin with cash at an ATM.

Aside from the strict Bitcoin only ATMs there are others that allow you to buy various other major cryptocurrencies like Ethereum (ETH) and some even allow you to buy Dogecoin (DOGE).

Source: How many bitcoin atms

One of the main disadvantages of using these machines rather than transacting online is that the fees are usually much higher. The majority of these operators ask more than 10% transaction fee, whereas online you wouldn’t often be looking at something over 2-3% depending on your transaction size.