Crypto ATMs are Being Tracked by Cyber-Criminals

Do you use cryptocurrency? If you do, then how do you refill your wallet – have you ever visited a crypto ATM to purchase more Bitcoins, or Dogecoins, or Ethereum, or whatever virtual coin you like best?

You may be familiar with online thieves looking to steal your crypto, but now it’s not just your digital wallets that you need to worry about. Recently, threat actors have been going after cryptocurrency ATM makers to steal millions of virtual dollars right from the source.

What is a Crypto ATM?

A cryptocurrency ATM is a physical device that allows users to buy and sell cryptocurrencies using cash or credit/debit cards. It operates similarly to a traditional ATM but instead of dispensing cash, it dispenses cryptocurrencies. Crypto ATMs provide users with a convenient and accessible way to buy and sell cryptocurrencies.

Different crypto atm machines
Different Crypto ATMs

How Do Crypto ATMs Work?

Crypto ATMs work by connecting to a cryptocurrency exchange that allows for the buying and selling of cryptocurrencies. When a user makes a transaction at a crypto ATM, the machine contacts the exchange and executes the transaction on behalf of the user. The machine then dispenses the purchased cryptocurrency in the form of a paper wallet or transfers it directly to the user’s cryptocurrency wallet.

The Attack on General Bytes

In late March 2023, a major Bitcoin manufacturer announced a momentary shut-down of their cloud services. General Bytes operates over 9000 ATMs in 149 countries worldwide. Apparently, several machines were compromised in a security breach that led to the theft of $1.5M BTC.

A blog from the founder, Karel Kyovsky, explained that their investigation had unveiled a hacker who overrode the systems with a Java code, which let them decrypt the API keys needed to view and manage funds. In exploiting this vulnerability, hackers were able to transfer millions directly into their own wallets. The breach also allowed them to turn off users’ multifactor authentication and then download their logins, passwords and other private information.

The company released the following statement on Twitter around the time of the incident:

Crypto Security

Threat actors have been going after crypto-wallets and NFTs for years; notably, the public theft of some Bored Ape NFTs owned by Seth Green in May 2022. Crypto exchange hacks have been recorded around the world. Cryptojacking happens when your devices are sapped of power to mine digital currency.

cryptojacking image

Although the crypto market has fluctuated a bit in the past few years, there aren’t any signs that digital currency will evaporate anytime soon — nor will cyber-threats aimed at stealing and illegally generating virtual coins. Carefully monitor your digital wallets for suspicious activity, so you can take immediate action if any of them are compromised. Equip your accounts with multifactor authentication and change your passwords every couple of months to a new 12-character alphanumerical combo. These steps will best protect your digital wallets!


What should you do if this kind of thing happens to you? First step is to listen to what the company has to say regarding next steps, as they are working with authorities who are better-versed in best practices for protecting your information moving forward. Then inform your IT provider of the incident, so they can help monitor the Dark Web for your personally identifiable information (PII) in the coming months, and advise you on what to do next to protect your data and private accounts. Often, the affected organization will offer credit monitoring services for those who were potentially exposed in the breach.

Attacks against cryptocurrency aren’t anything new. Digitization always spurs new cyberattacks, and while their popularity as a weapon might rise and fall, the threats themselves are here to stay. Pay attention to any alerts indicating your data or digital currency might have been affected in a breach so that you can take immediate recuperative action.