Bitcoin ATM adoption is on the rise. There are more will come to install in the public. However, such a machine may have exposed some security vulnerabilities for anyone to exploit with access to the admin account and steal funds.
Centralized ATM
ATM is centralized which creates a single point of failure. The Bitcoin ATM machine is General Bytes BATMtwo or GBBATM2. They use an admin QR code to process crypto payments. Such QR codes will be provided on the owner purchase ATMs. Then the owner will set up a QR code with a password set up to link to the admin account. However, many owners may use the default password without resetting the new password. Such practice exposes security vulnerability for others to access ATMs and steal funds.
QR Code
There is a potential vulnerability of QR code exposure in the public domain to transact cryptocurrency especially if cryptocurrency is running on layer 2. Such transactions may expose IP addresses to the public to prone for hackers to enter the network easily and siphon away funds.
Verification process
There is no way to verify fund has been transferred and received. Users may have to go back and use more secure internet to verify funds amount.
Private key exposure
There is a potential that one may expose their private information if scammers implement software to interrupt or phishing devices to ask to verify transactions. Users may eager to resolve issues by providing the private keys to unauthorized persons and losing their entire control of the wallet.
In conclusion
As we cheer for the successful adoption of more crypto ATMs, we want to always be aware of any potential hacks or security protocols to prevent the loss of your funds.