Tech
Share this article

Kraken Reveals Security Vulnerabilities in Bitcoin ATMs

The machines’ manufacturer has released patches to mend the problem, but more revisions may be needed.

By Eliza Gkritsi
Updated May 11, 2023, 5:19 p.m. Published Sep 30, 2021, 3:34 p.m.
(Angel Garcia/Bloomberg via Getty Images)
(Angel Garcia/Bloomberg via Getty Images)

A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.

  • The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
  • Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
  • The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, including a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.
jwp-player-placeholder
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Read more: Crypto ATM Installations Have Increased Over 70% This Year

KrakenHackSecurityBitcoin ATMs

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Stripe-Backed Blockchain Tempo Starts Testnet; Kalshi, Mastercard, UBS Added as Partners

By Krisztian Sandor, AI Boost|Edited by Stephen Alpher
2 hours ago
Art installation reminiscent of digital ecosystems

Tempo, built by Stripe and Paradigm, has started testing payment-focused blockchain and has onboard a slew of institutional partners.

What to know:

  • Stripe and Paradigm’s Tempo blockchain has launched its public testnet for real-world payment testing.
  • Kalshi, Klarna, Mastercard and UBS are among a wave of new institutional partners now involved in the project.
  • Tempo aims to offer low-cost, fast-settlement infrastructure for global payments as stablecoin adoption is accelerating globally.
Read full story