Bitcoin ATMs have gotten more common within the United States and pose a growing cybercrime threat, in response to some experts. ATMs that accept bitcoins are just like their money counterparts: PINs should be entered and withdrawal fees apply, just like all other ATM.
Unlike ATMs, which high value of crypto makes them a primary goal for hackers. So while an ATM hidden among the many snacks and energy drinks at a gas station won’t attract much attention, a Bitcoin ATM will get a better look from scammers.
“It is clear that these machines are particularly vulnerable to physical and cyber threats, making them a prime target for hackers and thieves,” said Timothy Bates, clinical professor of cybersecurity on the University of Michigan College of Innovation and Technology.
Bitcoin ATMs could be vulnerable to attacks where hackers install malware on the devices to intercept private keys, steal funds or tamper with transactions, which Bates said is “particularly concerning for ATMs that may not receive regular software updates or security patches.” Network vulnerabilities are also a vulnerability. “If the device's network communications are not adequately secured, attackers can intercept data transmissions between the ATM and the server, which can lead to data theft or unauthorized access,” Bates said.
Whether hackers or scammers, the federal government is sounding the alarm about Bitcoin ATMs. The Federal Trade Commission this week reports that fraud cases have increased by 1,000% since 2020.
Ironically, the risks of a Bitcoin ATM are directly related to its strengths, said Joe Dobson, senior analyst at Mandiant, a Google Cloud-owned cybersecurity company. Bitcoin is decentralized, permissionless and immutable. “A transaction cannot be reversed or recalled if funds are deposited to the wrong address,” Dobson said. And while many crypto bulls find Bitcoin's lack of governance attractive, that could be problematic with ATMs. “There is no governing body in Bitcoin that dictates who can and cannot operate a Bitcoin ATM, so many independent organizations operate the ATMs,” Dobson said.
There are also old criminal tricks that could be reversible in a standard banking situation, but that's not the case on this planet of Bitcoin. For example, someone with malicious intent could put their personal deposit slips within the stack on the bank and trick people into depositing money into their account. “A similar attack can happen with Bitcoin ATMs,” Dobson said. “If an attacker compromises a Bitcoin ATM, they can change the receiving wallet address (or 'account number'), effectively stealing user funds.”
But along with the old tricks, there are newer dangers that Bitcoin ATMs pose that money machines don't face. Many Bitcoin ATMs require personally identifiable information, akin to an ID or perhaps a social security number, to comply with the financial industry's Know Your Customer (KYC) requirements. This information might be in danger if a Bitcoin ATM is compromised.
In Middletown, Ohio, on the Middletown Food Mart in a hollowed-out a part of town, a Bitcoin Depository The ATM is positioned across from an everyday ATM and is hidden amongst potato chips, bottled water, and beer. Middletown has recently turn out to be best referred to as the hometown of Donald Trump's running mate, Ohio Senator JD Vance, who, like Trump, has reinvented himself as a cryptocurrency proponent. The Middletown Food Mart is positioned across the road from where Vance grew up.
“Elon Musk told me to do it.”
Sai Patel, whose family owns the Middletown Food Mart, says the Bitcoin ATM isn’t very busy.
“Maybe once a month someone will come by to use it,” Patel said. And if it's someone latest, Patel patiently explains how the machine works. He also keeps a watch out for unusual activity. While the Bitcoin ATM doesn't exactly draw crowds, Patel said a surprising variety of seniors come to the kiosk, which is alarming given the increasing variety of Bitcoin ATM scams targeting seniors.
“Older people come in and use it,” Patel said.
He described an encounter by which an elderly woman entered his store and went to the Bitcoin ATM. She then tried to send a whole lot of money somewhere but had questions on the right way to use the machine. When Patel asked the girl a couple of questions on why she was doing it, she said, “Elon Musk told me to do this.” Patel quickly realized she had fallen victim to a scam. “I told her, no, no, no, this is a scam,” Patel said, and he stopped her from putting her entire life savings into the machine.
Alice Frei, head of security and compliance at blockchain communications and advisory agency Outset PR, says Bitcoin ATM fraud is expensive and is exacerbated by the sometimes shady world of cryptocurrencies.
“Cryptocurrencies can be easily exchanged online, often without the parties involved being clearly identified. Criminals exploit this anonymity and move money almost invisibly, often using techniques such as cross-blockchain 'bridges' to further obscure transactions,” she said.
And then there's the proven fact that an ATM scam is unlikely to originate in town it takes place in. “Many crypto exchanges involved in these activities are based abroad, outside the reach of regulators, making it difficult to track down and recover stolen funds,” Frei added.
Basic Steps to Avoid Bitcoin ATM Scams
To protect themselves from these scams, users ought to be cautious and skeptical of any request to pay via a Bitcoin ATM. Legitimate corporations rarely, if ever, ask for payment in Bitcoin via an ATM.
“Verifying the legitimacy of a transaction, especially checking the recipient’s wallet for links to questionable companies, is crucial,” Frei said, adding that users must also use licensed ATMs from reputable operators to mitigate risk.
According to Frei, there are steps users can take to confirm the ownership and legitimacy of a Bitcoin ATM or the parties involved in transactions.
“You can verify the recipient address by looking for flagged activity on platforms like Chainabuse and performing an AML check on the address using available tools,” she said. If these tools show a risk rating above 70%, it’s advisable to stop sending money. “Instead, contact the ATM operator or the person who provided the address to clarify the situation,” Frei added.
According to Frei, the information shows that just about 74% of ATMs worldwide are managed by just ten operators.
The largest Bitcoin ATM operator, Bitcoin Depot, operates over 8,000 machines. Its CEO Brandon Mintz says the corporate's machines are designed to discourage hackers. However, he also disputes claims that Bitcoin ATMs are a primary goal for hackers.
“Bitcoin ATMs are not typically high-priority targets for cybercriminals due to the separation of the hardware and bitcoin wallet environments,” Mintz said. Bitcoin Depot doesn’t store bitcoins locally at a bitcoin ATM and there are a lot of layers of verification and approval processes that prevent unauthorized access to the Bitcoin Depot wallet, he said.
In addition, Mintz says most Bitcoin ATMs, including Bitcoin Depot, only accept money, so criminals can't use card readers like they’ll install on traditional ATMs. However, he says users need to concentrate on the scam and that a number of the same basic protocols that protect consumers from old-fashioned financial scams apply within the cryptocurrency world.
“Bitcoin ATM customers should never send bitcoins or other cryptocurrencies to unknown digital wallets or people they do not know and trust. It is important to remain vigilant and skeptical of anyone requesting cryptocurrency payments, especially if the request is accompanied by a sense of urgency or threat,” Mintz said.
As a market leader, Bitcoin Depot has been the goal of litigation and the corporate disclosed in its S-1 filing prior to its IPO that its users “have been and could be targeted in cybersecurity incidents such as account takeover.” A South Carolina woman sued Bitcoin Depot after she was the victim of a alleged cryptocurrency scamIn one other case, authorities in Texas intervened to return money from a Bitcoin Depot ATM after a Woman fell victim to fraud.
And that points to a central irony of bitcoin and bitcoin ATMs, products of technology, where essentially the most powerful weapon against fraud isn’t technology but responsibility, Dobson said. “With cryptocurrencies, the user's responsibility is paramount. There is little compensation when things go wrong. The responsibility to take action is largely on the user.”
image credit : www.cnbc.com