New Malware Attacks On Bitcoin ATMs Points To The Next Big Compliance Hurdle In The Industry

September 10, 2018
Share the news!

Cryptocurrency ATMs have become one of the primary methods of purchasing bitcoin and other altcoins for users. We should know — ATM operators are one of our biggest customer archetypes. The popularity of ATMs is evidenced, in part, by how ubiquitous they are. As of May 2018, there were more than 3,150 bitcoin ATMs located around the world. Of those 3,150 bitcoin ATMs, 1,960 of them are located in the United States.

Unfortunately, hackers are increasingly targeting these ATMs with vicious malware. This malware attacks common bitcoin ATM vulnerabilities and robs ATM users of thousands of dollars worth of bitcoin: as much as $25,000 in some cases.

But what makes bitcoin ATMs the ideal targets for hackers today? And what can you do to protect your business from these cyber criminals?

Continue reading to find out how to prepare your business for what’s to come.

Why Bitcoin ATMs Are The Perfect Targets For Hackers

Traditional ATMs have always been popular targets for hackers; though they’re practically impossible to break into physically, cybercriminals have exploited the software vulnerabilities of these machines for decades.

Now they’ve set their sights on bitcoin ATMs in hopes of ripping off unsuspecting cryptocurrency investors. But why would bitcoin ATMs be easy targets for criminals?

malware attacks - BitAML Blog
Photo by Irvan Smith on Unsplash

There are two apparent weaknesses to consider. The first is that the verification processes of these machines are often less robust than those of traditional ATMs. Traditional ATMs require credit or debit cards for transactions. Bitcoin ATMs, on the other hand, usually require information like an ID and a phone number.

The problems with this verification process are obvious. Criminals don’t have to try hard to find a victim’s mobile number today. A simple online search can easily reveal this information in many cases, especially if the victim has posted this information on Facebook or another social profile.

The second major point concerns the security of the cryptocurrency wallets investors use. These wallets aren’t standardized, and investors can download any type of cryptocurrency wallet they want from the available app stores. This makes protecting their assets much more difficult for cryptocurrency ATM companies.

Cybersecurity And Cryptocurrency Compliance: Growing Pains

This news about bitcoin ATMs comes as no surprise to some industry insiders. Many recent cryptocurrency headlines have been glum and focus primarily on cybercrime.

But in all fairness, this new cybercrime trend is actually a big deal. In May 2018, the Anti-Phishing Working Group reported that $1.2 billion in cryptocurrency had been stolen since the beginning of 2017.

And we’re not talking small-time crimes here. Cybercriminals are making bold moves.

A Top Bitcoin Exchange Takes A Tumble

In June 2018, major South Korea-based cryptocurrency exchange Bithumb suspended all customer deposits and withdrawals. The cause?

Cybercriminals had somehow managed to steal $32 million worth of cryptocurrency from the exchange.

This cyber heist was a big deal for two reasons: South Korea has established itself as one of the world’s major cryptocurrency markets, and Bithumb is one of South Korea’s largest cryptocurrency exchanges.

The fact that criminals targeted the exchange and successfully stole over $30 million worth of cryptocurrency should be concerning to industry insiders, because even if large exchanges such as Bithumb experience difficulty in protecting customer assets, the cryptocurrency industry’s reputation is unlikely to improve.

YouTuber Discovers He’s Been Hacked While Live Streaming

Major exchanges aren’t the only parties that have to fend off hackers. Some online personalities have also been struggling to stay one step ahead of cybercriminals.

Ian Balina, a popular cryptocurrency YouTuber, is one such person.

A full-time cryptocurrency trader and expert, Balina has never been shy about his success. He has often been very transparent about his cryptocurrency portfolio, which was worth more than $3 million in early April 2018.

But in the middle of April 2018, Balina received quite the scare. During a live stream, he discovered that a hacker had taken control of his accounts and stolen a considerable chunk of his assets. One estimate put his loss at a whopping $2 million worth of cryptocurrency.

New York Takes On Cybersecurity

Thanks to the stunts cybercriminals have pulled over this past year, the need for stronger cybersecurity programs isn’t lost on regulators. In fact, some regulators have already taken steps to force cryptocurrency companies to develop more effective cybersecurity programs.


Such is the case in the state of New York. As of August 28, 2017, financial services institutions in New York are required by law to have cybersecurity programs in place which protect consumers’ private data. These institutions must also have official written policies that establish cybersecurity protocols and controls in effect that protect the integrity of New York’s financial services industry.

This legislation is the first of its kind, but we expect to see more legislation like this in the future.

How To Implement A Killer Cybersecurity Program

With all of this talk of insufficient cybersecurity in the cryptocurrency space, you’re probably wondering how you can implement an effective cybersecurity program. Here are a few key suggestions:

Build A Solid Customer Service Strategy

We’ve pointed to the importance of strong customer service for cryptocurrency businesses again and again. That’s because it’s absolutely crucial to any effective compliance strategy.

Additionally, because cybersecurity is emerging as a compliance issue, solid customer service strategies are now key to effective cybersecurity policies as well.

Fortunately, developing a more customer-centric approach to doing business isn’t terribly difficult. Just put yourself in your clients’ shoes and ask yourself some important questions:

  • Is there an open line of communication between customers and my business? If customers have complaints, can they turn to a complaint hotline or company representative for assistance?
  • Does my company keep records of interactions with customers? If not, how should we go about doing so?

Anticipate Threats To Consumer Data

Protecting consumer data is about more than reacting to threats. It’s also about anticipating those threats and taking the necessary steps to prevent harm to your customers.

While many bitcoin ATMs come ready-made with built-in standards and protocols that collect information like a user’s ID and phone number, businesses shouldn’t stop there. Instead, seek ways to become more sophisticated and implement more cyber-focused controls in an ongoing mission to prevent threats to customer data.

Is Your Cryptocurrency Business Ready To Tackle This Problem?

If you’re like us, you believe that blockchain technology is the future. But if you believe that, you must also believe that this technology will only be successful if we make honest attempts to self-regulate and protect our customers and investors.

If your business isn’t making this a priority, you’re not ready to tackle the problem of cybersecurity in the cryptocurrency space. And the time to be ready was yesterday.

Similiar Blog Post

Bitcoin ATM Day 2024 – Celebrating Progress Amidst Evolving Regulations

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Celebrating National Bitcoin ATM Day: A Look at the Evolution and Future of Crypto Kiosks

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Bitcoin ATMs and Why KYC is Important

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...