Tech
Share this article

Kraken Reveals Security Vulnerabilities in Bitcoin ATMs

The machines’ manufacturer has released patches to mend the problem, but more revisions may be needed.

By Eliza Gkritsi
Updated May 11, 2023, 5:19 p.m. Published Sep 30, 2021, 3:34 p.m.
(Angel Garcia/Bloomberg via Getty Images)
(Angel Garcia/Bloomberg via Getty Images)

A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.

  • The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
  • Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
  • The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, including a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.
jwp-player-placeholder
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms & conditions and privacy policy.

Read more: Crypto ATM Installations Have Increased Over 70% This Year

KrakenHackSecurityBitcoin ATMs

More For You

Pudgy Penguins: A New Blueprint for Tokenized Culture

By CoinDesk Research
Dec 30, 2025
logo
Commissioned byPudgy Penguins
Pudgy Title Image

Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.

What to know:

Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.

The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.

View Full Report

More For You

MegaETH mainnet to go live Feb. 9 in major test of ‘real-time’ Ethereum scaling

By Margaux Nijkerk, AI Boost|Edited by Nikhilesh De
1 hour ago
(MegaLabs)

This follows its October 2025 $450 million token sale that was heavily oversubscribed.

What to know:

  • MegaETH, the much-watched high-performance Ethereum layer-2 network, announced that its public mainnet will go live Feb. 9, marking a major milestone for a project that has gained a lot of attention in the scaling landscape.
  • MegaETH positions itself as a “real-time” blockchain for Ethereum, designed to deliver ultra-low latency and massive transaction throughput.
Read full story