Bitcoin ATM Vulnerability Fixed: Hackers Could Have Gained 'Full Control'

Fredrik Vold

Last updated:

January 24, 2024 22:00 EST | 1 min read

Bitcoin ATM maker Lamassu Industries has successfully addressed a vulnerability that could have granted hackers “full control” over its Bitcoin ATM machines.

The flaw came to light when a team of ethical hackers from security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023.

During the process, which the team has documented online, the researchers identified and exploited several vulnerabilities that allowed them to gain full control over the ATMs.

See how IOActive’s researchers took advantage of the vulnerability in the video below:

In comments shared with Cointelegraph, Gunter Ollman, CTO of IOActive, explained that through the exploit, attackers could “view and manipulate interactions with the hijacked ATM.”

This meant that hackers had the potential opportunity to steal Bitcoin from users’ wallets by taking advantage of the identified vulnerabilities.

According to Ollman, a sophisticated attacker could modify the entire user experience, tricking users into performing actions such as entering bank account details.

Ollman assured the community that the attack’s impact would be limited to a user’s account balance, but the potential for social engineering was significant.

Bitcoin ATM Vulnerability Gave Hackers ‘Full Control’

Gabriel Gonzalez, Director of Hardware Security at IOActive, commented that the vulnerability could grant an attacker “full control” over a physical ATM machine.

This included the ability to drain all the money in the ATM and manipulate the note reader to display inaccurate deposit amounts, he said.

The security researchers noted the severity of the vulnerabilities, especially if the ATMs were left unattended in various locations.

Lamassu Industries responded ly to the findings, deploying a security patch to fix the vulnerabilities before they were publicly disclosed in 2024, and told owners of their Bitcoin ATMs to update their software.

Number of Bitcoin ATMs in decline

As reported earlier this month, the number of installed Bitcoin ATMs worldwide fell in 2023 after having risen every year for more than a decade.

According to data from Coin ATM Radar, the fall was attributed to a notably lower number of machines in the US from 2022 to 2023, while several other regions of the world saw an increasing number of machines.

Source: Coin ATM RadarThe US accounts for 82% of all installed Bitcoin ATMs globally, with 27,621 installed machines as of the end of last year, per Coin ATM Radar’s data.

Follow Us on Google News