Bitcoin ATMs are becoming increasingly common across the United States, but with their increasing presence comes a significant increase in cybercrime risks.
These machines, which allow users to buy and sell cryptocurrencies, operate similarly to traditional cash ATMs with PINs and transaction fees. However, the high value and digital nature of cryptocurrencies make Bitcoin ATMs particularly attractive to hackers and cybercriminals.
“These machines are particularly vulnerable to both physical and cyber threats, making them prime targets for hackers and thieves,” said Timothy Bates, a professor of cybersecurity in the University of Michigan’s College of Innovation and Technology.
Bates noted that hackers often exploit these vulnerabilities by installing malware on machines to steal private keys, manipulate transactions, and even drain funds. Machines without regular software updates or security patches are particularly at risk.
Network security is another weak point for Bitcoin ATMs. Bates explained that if the machine’s network communications are not properly secured, attackers could intercept data transfers between the ATM and its server, leading to unauthorized access and potential data theft.
The rise in scams involving Bitcoin ATMs has government agencies concerned. The Federal Trade Commission (FTC) recently reported a staggering 1,000% increase in scams since 2020, highlighting the growing threat posed by these machines.
Ironically, the same features that make Bitcoin appealing—decentralization, permissionless transactions, and immutability—also contribute to the risks associated with Bitcoin ATMs. Joe Dobson, principal analyst at Mandiant, a cybersecurity firm owned by Google Cloud, noted that Bitcoin’s lack of a governing body allows independent entities to operate Bitcoin ATMs without strict oversight. This lack of regulation opens the door to various forms of fraud and theft.
Dobson also warned that old criminal tricks could be adapted for the digital age. For example, in the traditional banking world, someone might trick others into depositing money into their own accounts by secretly placing a personal deposit slip in a stack at the bank. A similar tactic could be used at Bitcoin ATMs, where an attacker could hijack the machine and change the recipient wallet address, effectively stealing user funds.
In addition to these old tricks, Bitcoin ATMs also present new threats. Many machines require personally identifiable information (PII), such as an ID or Social Security number, to comply with Know Your Customer (KYC) regulations. If a Bitcoin ATM is compromised, this sensitive information could be at risk.
Sai Patel, whose family owns Middletown Food Mart, said that while Bitcoin ATMs aren’t widely used, they do attract a worrying number of elderly customers who are often the target of scams. Patel described an incident where an elderly woman tried to use the machine to send a large amount of money, believing she was following instructions from Elon Musk. Fortunately, Patel intervened and saved the woman from losing her savings.
*This is not investment advice.