Bitcoin ATM Vulnerability Fixed: Hackers Could Have Gained ‘Full Control’

Publikováno: 25.1.2024

Bitcoin ATM maker Lamassu Industries has successfully addressed a vulnerability that could have granted hackers “full control” over its Bitcoin ATM machines. The flaw came to light when a team of ethical hackers from security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023. During the process, which the team has documented online, the […]

The post Bitcoin ATM Vulnerability Fixed: Hackers Could Have Gained ‘Full Control’ appeared first on Cryptonews.

Celý článek

Bitcoin ATM maker Lamassu Industries has successfully addressed a vulnerability that could have granted hackers “full control” over its Bitcoin ATM machines.

The flaw came to light when a team of ethical hackers from security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023.

During the process, which the team has documented online, the researchers identified and exploited several vulnerabilities that allowed them to gain full control over the ATMs.

See how IOActive’s researchers took advantage of the vulnerability in the video below:

In comments shared with Cointelegraph, Gunter Ollman, CTO of IOActive, explained that through the exploit, attackers could “view and manipulate interactions with the hijacked ATM.”

This meant that hackers had the potential opportunity to steal Bitcoin from users’ wallets by taking advantage of the identified vulnerabilities.

According to Ollman, a sophisticated attacker could modify the entire user experience, tricking users into performing actions such as entering bank account details.

Ollman assured the community that the attack’s impact would be limited to a user’s account balance, but the potential for social engineering was significant.

Bitcoin ATM Vulnerability Gave Hackers ‘Full Control’


Gabriel Gonzalez, Director of Hardware Security at IOActive, commented that the vulnerability could grant an attacker “full control” over a physical ATM machine.

This included the ability to drain all the money in the ATM and manipulate the note reader to display inaccurate deposit amounts, he said.

The security researchers noted the severity of the vulnerabilities, especially if the ATMs were left unattended in various locations.

Lamassu Industries responded promptly to the findings, deploying a security patch to fix the vulnerabilities before they were publicly disclosed in 2024, and told owners of their Bitcoin ATMs to update their software.

Number of Bitcoin ATMs in decline


As reported earlier this month, the number of installed Bitcoin ATMs worldwide fell in 2023 after having risen every year for more than a decade.

According to data from Coin ATM Radar, the fall was attributed to a notably lower number of machines in the US from 2022 to 2023, while several other regions of the world saw an increasing number of machines.

Crypto ATMs in the US
Source: Coin ATM Radar

The US accounts for 82% of all installed Bitcoin ATMs globally, with 27,621 installed machines as of the end of last year, per Coin ATM Radar’s data.

The post Bitcoin ATM Vulnerability Fixed: Hackers Could Have Gained ‘Full Control’ appeared first on Cryptonews.

Nahoru
Tento web používá k poskytování služeb a analýze návštěvnosti soubory cookie. Používáním tohoto webu s tímto souhlasíte. Další informace