
Critical Vulnerability Found in Bitcoin ATMs by Researchers
Lamassu Industries has addressed a vulnerability in its Bitcoin ATMs that allowed attackers full control over the devices, reports Cointelegraph.
Security researchers from IOActive attempted to hack ATMs produced by Lamassu. They were able to identify several serious issues.
Günther Ollmann, the technical director of the analytics firm, stated that the vulnerability allowed attackers to “view and manipulate interactions with the ATM.” By taking control of the device, hackers could steal victims’ bitcoins.
“A sophisticated attacker with sufficient preparation can alter or replace the entire ATM user interface and use social engineering to make the user perform additional actions,” explained Ollmann.
Additionally, criminals could deceive victims into entering their bank account details by promising discounts or free coins in return.
According to Ollmann, the ATMs are hacked down to the operating system level. The extent of the attack is limited only by how much the user trusts the device or its manufacturer.
Gabriel Gonzalez, the director of hardware security at the company, added that besides stealing digital assets, the vulnerability threatens to “drain” all cash from the ATM. A hacker could also “trick the bill reader,” making the device display a larger amount of deposited money.
The vulnerability was disclosed at the beginning of 2024, with ATM providers and users informed. Lamassu has already updated the software of its devices.
Back in November 2023, an unknown hacker group stole 70,000 selfies and confidential data of 300,000 Coin Cloud Bitcoin ATM customers.
The company filed for bankruptcy in February, citing “business difficulties and legal issues.” Its liabilities to approximately 10,000 counterparties are estimated to range from $100 million to $500 million.