SCAMSSECURITY

Bitcoin ATM fraud surges, with scam losses exceeding $120 million

share
Bitcoin ATM fraud surges, with scam losses exceeding $120 million

According to a report recently released by the Federal Trade Commission (FTC) in the United States, cases of fraud involving Bitcoin ATMs (Automated Teller Machines) are on the rise. The number of cases increased nearly tenfold from 2020 to 2023. In 2023 alone, losses due to cryptocurrency ATM fraud in the U.S. exceeded $120 million. As of the first half of 2024, losses have surpassed $65 million, but this may only be a fraction of the total.

The number of Bitcoin ATMs in the U.S. is increasing, with machines being installed in convenience stores, gas stations, and high-traffic areas. Meanwhile, online criminal threats are also on the rise. Bitcoin ATMs operate similarly to traditional cash ATMs, requiring users to set up a password and charging fees to users. Due to the skyrocketing value of cryptocurrencies in recent years, Bitcoin ATMs have become a prime target for criminals.

Bitcoin ATMs Facing Both Online and Physical Threats

Timothy Bates, a cybersecurity professor at the University of Michigan's School of Innovation and Technology, stated, "Bitcoin ATMs are particularly vulnerable to both physical and online threats, making them a prime target for hackers and thieves."

Hackers may install malicious software on Bitcoin ATMs to steal private keys, user assets, or remotely manipulate transactions, especially on ATMs that are not regularly updated or equipped with anti-theft software. Bates explained, "Without proper maintenance of the network security of Bitcoin ATMs, hackers can intercept information exchanged between the ATM and servers, leading to data theft or unauthorized access."

Spike of 1000% in Bitcoin ATM Fraud Cases

Whether hackers or scammers, the U.S. government has issued warnings about Bitcoin ATMs. The Federal Trade Commission (FTC) reported a 1000% surge in Bitcoin ATM fraud cases since 2020.

Joe Dobson, Chief Analyst at U.S. cybersecurity firm Mandiant, pointed out that the risks associated with Bitcoin ATMs are closely tied to their advantages. The decentralized, permissionless, and irreversible nature of Bitcoin makes it an ideal tool for scammers. Dobson emphasized that the lack of a centralized governing body for Bitcoin has led to many operators running Bitcoin ATMs independently, significantly increasing risks.

Various Scam Techniques Involving Bitcoin ATMs

1. Impersonating Customer Service and Sending Fake QR Codes

Scammers impersonate customer service, claim the victim's account has been compromised, and send QR code links to deceive victims into depositing cash into Bitcoin ATMs, which actually transfers funds to the scammer's wallet, making victims believe they are protecting their assets.

2. Creating Panic, Posing as Government or Big Company Employees

For instance, impersonating globally renowned companies like "Microsoft" or "Apple," falsely claiming emergencies to prompt quick responses from users. Scammers often gather users' personal information from various sources and send false notifications under the pretext of account issues or emergencies.

3. Wallet Address Tampering

In traditional financial scams, scammers place or distribute counterfeit deposit slips in banks to lure others into depositing funds into their accounts. Similar scams may occur with Bitcoin ATMs, where hackers alter the receiving wallet address to steal users' assets.

4. Personal Information Theft

Bitcoin ATMs pose threats that traditional financial ATMs cannot address. Many Bitcoin ATMs require users to provide personal information like IDs or social security numbers to comply with Know Your Customer (KYC) identity verification. If these ATMs are hacked, the likelihood of personal data leakage is very high.

Elderly Targeted in Bitcoin ATM Scams

Statistics show that in the first half of 2024 in the U.S., the probability of individuals aged 60 and above falling victim to Bitcoin ATM scams is three times higher than that of younger people, with losses totaling $46 million, accounting for 71% of reported losses from these machines. Victims aged 60 and above represent 60% of the total losses in Bitcoin ATM scams.

According to a case study, a grocery store in the U.S. had a Bitcoin ATM branded as Bitcoin Depot, which was not frequently used. The store owner mentioned that although only a few people used it monthly, the ATM attracted many elderly individuals.

The store owner shared an incident: "An elderly lady came to our store to use the Bitcoin ATM to transfer a large sum of money, and when I asked her why, she said Elon Musk told her to do so." The store owner immediately recognized it as a scam and intervened.

In another case, a 76-year-old American woman received a scam notification seemingly from the well-known company Apple, informing her that her account had been hacked, and someone was making unauthorized transactions in her name. The scammer, using the name of U.S. Treasury officials, involved the woman in a conference call and convinced her to transfer funds to the scammer's wallet via a Bitcoin ATM, assuring her that everything would be fine.

As a result of the Bitcoin ATM scam, the woman lost a total of $31,500.

The Anonymity of Cryptocurrencies Facilitates Crime

Alice Frei, Head of Security and Compliance at blockchain public relations consulting firm Outset PR, stated, "Cryptocurrencies can be easily exchanged online, and the identities of participants are often unclear. Criminals exploit this anonymity and use technologies like cross-chain bridges to further conceal transactions."

Furthermore, many cryptocurrency exchanges involved in such criminal activities are located overseas, beyond the jurisdiction of U.S. regulatory bodies, making it quite challenging to trace and recover stolen funds.

Multiple Protections Reduce Intrusion Risks, but Vigilance is Still Necessary

Data shows that 74% of Bitcoin ATMs worldwide are managed by 10 operators. The largest Bitcoin ATM operator, Bitcoin Depot, owns over 8,000 ATMs. CEO Brandon Mintz stated that the company designs its ATMs with hacker prevention as a top priority, but he also refuted claims that "Bitcoin ATMs are the primary targets of hackers."

Mintz explained, "Bitcoin ATMs are not the primary targets of cybercriminals because the hardware and Bitcoin wallet environments are separate." Bitcoin Depot does not store any Bitcoin in its ATMs and has multiple verification processes to prevent unauthorized access to the company's wallets.

He also noted that most Bitcoin ATMs only accept cash transactions, eliminating the risk of hackers exploiting credit card readers. However, he cautioned that users must remain vigilant, as the concept of safeguarding against traditional financial scams also applies to the cryptocurrency domain.

Mintz advised, "Customers using Bitcoin ATMs should never send cryptocurrencies to unfamiliar or untrusted wallet addresses. For any message requiring immediate payment or similar situations, stay calm and verify before taking action!"

How to Identify and Stay Alert to Avoid Scams

Alice Frei, Head of Security and Compliance at Outset PR, suggested that users must confirm and verify the legitimacy of transactions, double-check if the receiving wallet address is suspicious or of unknown origin, and choose Bitcoin ATMs managed by reputable and trustworthy operators to reduce risks.

Below are the top 10 well-known Bitcoin ATM operators
  1. Bitcoin Depot
  2. CoinFlip
  3. Athena Bitcoin
  4. RockItCoin
  5. Bitstop
  6. Margo
  7. Coinhub
  8. Localcoin
  9. Bye Federal
  10. Cash2Bitcoin

Frei mentioned that users can use tools like Chainabuse to check if the receiving address has been flagged for suspicious activities, and if the risk score exceeds 70%, it is advisable to avoid the transfer.

1. Avoid Clicking on Unknown Links or Responding to Unknown Calls and Messages

Do not click on links of unknown origin or respond to calls, messages, or push notifications from unfamiliar sources. If you believe the message is legitimate, verify through the official website or phone number of the relevant company, and do not use the contact information provided in the message.

2. Stay Calm, Avoid Hasty Actions

Scammers create tension and panic to prompt immediate responses. Before making any decisions, stay calm and discuss with someone you trust, think twice before acting.

3. Do Not Withdraw Cash After Receiving Unexpected Calls or Messages

Legitimate companies or government agencies will not ask you to do so; only scammers will urge you to withdraw cash immediately.

4. Do Not Trust Anyone Asking You to Use a Bitcoin ATM or Purchase Gift Cards

If someone tells you to use a Bitcoin ATM, buy gift cards, or make transfers to protect your assets, be alert. Once again, legitimate companies or government agencies will never ask you to do so; only scammers will.

Establishing the Right Mindset and Sense of Responsibility is Key

Although Bitcoin ATMs are technical products, according to Joe Dobson, Chief Analyst at U.S. cybersecurity firm Mandiant, combating scams does not rely on more technology or protection mechanisms but on users' "mindset and sense of responsibility." In the cryptocurrency domain, user responsibility is crucial. If issues arise, the chances of recovering losses are slim. Only by acting cautiously, recognizing the responsibility for one's assets, can the risk of falling victim to scams be effectively reduced.