Bitcoin ATMs are a rapidly growing presence in the United States and, some experts say, a rapidly growing cybercrime menace. ATMs dealing in bitcoin are similar to their cash cousins: there are PINs to punch and withdrawal fees, just like any other ATM.
Unlike cash ATMs, though, the high value of crypto makes them prime targets for hackers. So, while a cash ATM tucked away between the snack cakes and energy drinks at a gas station may not draw much attention, a bitcoin ATM gets more scrutiny from bad actors.
“It’s clear that these machines are particularly vulnerable to both physical and cyber threats, making them a prime target for hackers and thieves,” said Timothy Bates, clinical professor of cybersecurityat the University of Michigan’s College of Innovation and Technology.
Bitcoin ATMs can be susceptible to attacks where hackers install malware on the machines to capture private keys, steal funds, or manipulate transactions, which Bates said is “especially concerning for ATMs that may not receive regular software updates or security patches.” Network vulnerabilities are also a weak spot. “If the machine’s network communications are not adequately secured, attackers can intercept data transfers between the ATM and the server, leading to data theft or unauthorized access,” Bates said.
Whether it’s hackers or scammers, the government is sounding the alarm about bitcoin ATMs. The Federal Trade Commission reported this week that scam incidents have risen by 1,000% since 2020.
Ironically, a bitcoin ATM’s risks are directly related to its strengths, according to Joe Dobson, principal analyst at Mandiant, a Google Cloud-owned cybersecurity company. Bitcoin is decentralized, permission-less, and immutable. “A transaction cannot be reversed or recalled if funds are deposited to the wrong address,” Dobson said. And while many crypto bulls find bitcoin’s lack of governance appealing, that can be problematic in ATMs. “There is no governing body within bitcoin dictating who can or cannot run a bitcoin ATM, hence many independent organizations operate the ATMs,” Dobson said.
There are also old criminal tricks that might be reversible in a traditional banking situation, but in the world of bitcoin, that is not so. For example, someone could maliciously slip their personal deposit slips into the stack at the bank, tricking folks into depositing money into their account. “A similar attack can happen with bitcoin ATMs,” Dobson said. “If an attacker compromises a bitcoin ATM, they may change the receiving wallet address (or ‘account number’), effectively stealing user funds.”
But in addition to old tricks, there are newer threats bitcoin ATMs introduce that cash ATMs do not face. Many bitcoin ATMs require personally identifiable information, such as an ID or even a Social Security number to comply with financial industry Know Your Customer (KYC) requirements. This information could be at risk if a bitcoin ATM is compromised.
In Middletown, Ohio, at the Middletown Food Mart in a hollowed-out end of town, a Bitcoin Depot ATM sits opposite a regular cash ATM, blending in among the potato chips, bottled water, and beer. Middletown’s claim to fame lately is as the hometown of Donald Trump’s running mate Ohio Senator J.D. Vance, who has refashioned himself, similar to Trump, as a pro-cryptocurrency warrior. The Middletown Food Mart sits across the street from where Vance grew up.
‘Elon Musk told me to do it.’
Sai Patel, whose family owns Middletown Food Mart, says the bitcoin ATM isn’t very busy.
“Maybe once a month someone comes in to use it,” Patel said. And if it is someone new, Patel will patiently explain how the machine works. He also keeps an eye out for unusual activity. Although the bitcoin ATM isn’t exactly drawing crowds, Patel says a surprising number of senior citizens show up at the kiosk, alarming given the rise of bitcoin ATM scams targeting seniors.
“Elderly people come in and use it,” Patel said.
He described one encounter where an elderly woman entered his shop and headed for the bitcoin ATM, then attempted to send a lot of money somewhere but had questions about using the machine. When Patel asked the woman a few questions as to why, she said, “Elon Musk told me to do it.” Patel quickly realized she had fallen prey to a scam. “I told her, no, no, no, it’s a scam,” Patel said, and he stopped her from dumping her life savings into the machine.
Alice Frei, head of security and compliance at blockchain communications & consulting agency Outset PR, says bitcoin ATM fraud is costly, enhanced by the sometimes shadowy world of crypto.
“Cryptocurrencies are easily exchanged online, often without clear identification of the parties involved. Criminals exploit this anonymity and move money almost invisibly, often employing techniques such as cross-blockchain ‘bridges’ to further obscure transactions,” she said.
And then there’s the fact that an ATM scam probably doesn’t originate in the town where it occurs. “Many crypto exchanges involved in these activities are based offshore, beyond the reach of regulators, making it difficult to trace and recover stolen funds,” Frei added.
Basic steps to avoid bitcoin ATM scams
To protect against these scams, users should be cautious and skeptical of any request to pay through a bitcoin ATM. Legitimate businesses rarely, if ever, demand payment in bitcoin through a machine.
“Verifying the legitimacy of a transaction, particularly checking the recipient’s wallet for connections to questionable entities is crucial,” Frei said, adding that users should also use licensed ATMs from reputable operators to reduce the risk.
Frei said there are steps that users can take to verify the ownership and legitimacy of a bitcoin ATM or parties involved in transactions.
“You can verify the recipient address by checking for flagged activity on platforms like Chainabuse and running an AML check on the address using available tools,” she said, If these tools show the risk score above 70%, it’s advisable to avoid sending money. “Instead, contact the ATM operator or the person who provided the address to clarify the situation,” Frei added.
According to Frei, data shows that nearly 74% of ATMs globally are managed by just 10 operators.
The largest operator of bitcoin ATMs, Bitcoin Depot, operates over 8,000 ATMs. Its CEO Brandon Mintz says the company’s machines are designed to deter hackers. But he also disputes the claims that bitcoin ATMs are major hacking targets.
“Bitcoin ATMs aren’t typically high-priority targets for cybercriminals due to the separation of the hardware and the bitcoin wallet environments,” Mintz said. Bitcoin Depot does not store any bitcoin locally at a bitcoin ATM, and there are many layers of verification and approval processes that prevent unauthorized access to the Bitcoin Depot wallet, he said.
Additionally, Mintz said, most bitcoin ATMs, including Bitcoin Depot’s, only accept cash, so this removes the ability for criminals to use card skimmers like they can install on traditional cash ATMs. However, he says users do need to be aware of scams, and some of the same basic protocols that protect consumers from old-fashioned financial scams apply to the world of cryptocurrency as well.
“Customers of bitcoin ATMs should never send bitcoin or other cryptocurrencies to unknown digital wallets or individuals they don’t know and trust. It’s important to remain vigilant and skeptical of anyone asking for cryptocurrency payments, especially if the request comes with a sense of urgency or threat,” Mintz said.
As the market leader, Bitcoin Depot has been a target of litigation and the company disclosed in its S-1 filing before going public that its users “have been and could be targeted in cybersecurity incidents like an account takeover.” A South Carolina woman sued Bitcoin Depot after falling victim to an alleged cryptocurrency scam. In another instance, authorities in Texas intervened to return money from a Bitcoin Depot ATM after a woman fell victim to a scam.
And that points to a central irony of bitcoin and the bitcoin ATM, products of technology, but ones where the most powerful weapon against fraud isn’t more technology but responsibility, Dobson said. “User responsibility is paramount in cryptocurrency. There is little recompense if something goes awry. The onus is largely on the user to take steps.”
DraftKings is acquiring predictions platform Railbird as it prepares to launch a mobile platform in the coming months to be called DraftKings Predictions.
Railbird is licensed by the Commodity Futures Trading Commission to offer an event contracts exchange. DraftKings targeted the company for its team and proprietary technology.
“We are excited about the additional opportunity that prediction markets could represent for our business,” DraftKings CEO Jason Robins said in a statement to CNBC. “We believe that Railbird’s team and platform—combined with DraftKings’ scale, trusted brand, and proven expertise in mobile-first products—positions us to win in this incremental space.”
Predictions markets allow customers to trade on the outcomes of various events in the worlds of finance, culture and entertainment, which will allow DraftKings to expand beyond its sports betting business. The markets on election outcomes and sports are the most controversial.
Dozens of states, their gaming regulators and tribes are suing or taking other actions to try to prohibit companies from offering trades based on sporting events, because they see it as unlicensed gambling.
Nevada is among the states warning that companies risk losing their gambling licenses if they offer sports in their prediction markets.
If DraftKings offers sports events contracts, it’s likely to focus only on states that don’t offer licensed sports betting, like California and Texas, to avoid running afoul of the states where it offers sports betting. Additionally, technology exists to prevent those sports trades from being available on tribal lands.
DraftKings also may offer more advanced “know your customer” guardrails, a term commonly used to reference identity verification, given its experience in the regulated gambling market.
Elon Musk interviews on CNBC from the Tesla Headquarters in Texas.
CNBC
A day ahead of Tesla’s quarterly earnings report, a coalition of unions and corporate watchdogs wants investors to focus their attention on matters of governance.
On Tuesday, a group that includes the American Federation of Teachers and Public Citizen launched a website for Take Back Tesla, a campaign urging shareholders to vote against a new pay package for CEO Elon Musk that would net him nearly $1 trillion worth of stock and expand his control over the company.
Tesla’s board floated the pay proposal in September, saying the largest ever CEO pay plan was appropriate and necessary to lock Musk in for a decade. The plan is up for a shareholder vote at the company’s annual meeting next month.
On the Take Back Tesla website, the group calls the outsized package “outrageous,” in part because Musk’s “political activities have damaged Tesla’s brand and distracted him from leadership at Tesla.” The site says the plan doesn’t require Musk to focus more on the automaker than his political interests or other business endeavors.
The site also encourages the general population to petition state treasurers and other financial officers, who oversee funds on behalf of workers and retirees, to reject the plan. The coalition plans to share materials online that teach investors how to vote their shares or influence fund managers who vote on their behalf.
“Public pension funds are significant shareholders in Tesla, and the asset managers who invest those funds have even larger holdings,” the site says. “That’s our money and we should tell the people who invest it for us that we want them to vote to hold Musk and Tesla Board members accountable.”
Additional groups in the coalition include Americans for Financial Reform, the Communication Workers of America, corporate watchdog group Ekō, People’s Action and Stop the Money Pipeline.
Tesla didn’t immediately respond to a request for comment.
Top proxy firms ISS and Glass Lewis have recommended against authorizing the $1 trillion pay plan, which was disclosed amid a tense battle over Musk’s previous 2018 pay package, which amounted to about $56 billion in stock when it vested.
Following those firms’ suggestions, Tesla wrote in a post that, “ISS and Glass Lewis have recommended against Tesla’s proposals time and time again since the 2018 CEO Performance Award was introduced.” The company added that shareholders who sold would “have missed out on our market capitalization soaring by 20x from March 2018 to August 2025.”
The Delaware Court of Chancery ruled early last year that the 2018 plan was improperly granted by Tesla, with the judge finding that the company hid crucial details from shareholders and that Musk had controlled board members rather than negotiating with them for a fair deal.
Musk appealed the matter to the Delaware State Supreme Court and is seeking to get the 2018 CEO pay package reinstated.
Around the time that plan was rescinded, in January 2024, Musk wrote on his social network X, “I am uncomfortable growing Tesla to be a leader in AI & robotics without having ~25% voting control.” The new plan would add 12% to his stake over the next decade.
Musk had already started artificial intelligence startup xAI in March 2023, taking some ex-Tesla employees with him, and was developing Grok, a would-be challenger to OpenAI’s ChatGPT.
By May 2025, Musk said he was committed to running Tesla for at least five more years.
New York City Comptroller Brad Lander, who oversees a $300 billion pension fund, said he “vociferously opposes this pay package” and says other public fiduciaries should do the same.
“Most of the time we’ve held Tesla stock, it has been a solid investment, it’s grown over time, and that’s why we haven’t chosen to dump it,” Lander, who also serves as finance and accountability chief for the city, said in an interview. Lander said that he’s preferred to “hold on to it and participate in shareholder engagement to address the concerns we have.”
Lander manages funds that own about $1.1 billion worth of Tesla, based on holdings reported in August.
He said he views Tesla’s board he as “insufficiently independent,” and that it’s allowed Musk to be an “absentee CEO.” The company has also failed to hit its marks when it comes to robotaxis and self-driving technology, Lander said.
The stock has rallied of late after a brutal start to the year, but it’s still underperforming its tech peers and the S&P 500 and Nasdaq in 2025.
Musk has “been an inconsistent CEO at best,” Lander said, “and the pay package is like a ransom attempt after volatile stock performance and destroying consumer confidence.”
Tesla is scheduled to report third-quarter results after the close of regular trading on Wednesday. Analysts are expecting revenue growth of 4.7% from a year earlier to $26.37 billion, according to LSEG, following two straight year-over-year declines.
Elon Musk, CEO of SpaceX and Tesla, attends the Viva Technology conference at the Porte de Versailles exhibition center in Paris on June 16, 2023.
Gonzalo Fuentes | Reuters
SpaceX and Tesla CEO Elon Musk criticized acting NASA Administrator Sean Duffy after he told media outlets this week that the billionaire’s space company is falling behind U.S. plans to return to the moon.
“The person responsible for America’s space program can’t have a 2 digit IQ,” Musk wrote in a Tuesday post on X.
In response to other user posts, Musk referred to the transportation secretary as “*Sean Dummy” and said he is “trying to kill NASA!” Musk later posted a poll asking users “Should someone whose biggest claim to fame is climbing trees be running America’s space program?” Musk appeared to be referring to Duffy’s background as a competitive speed climber.
On Monday, Duffy told CNBC that SpaceX was “behind” schedule on building its lunar landing system for the space agency’s Artemis III mission and that he would consider other contracts with competitors such as Jeff Bezos’ Blue Origin.
SpaceX and Blue Origin will have until Oct. 29 to offer ways to speed up the project, a NASA official told CNBC. The agency will also ask the industry to suggest ways to “increase the cadence” of Moon missions.
President Donald Trump selected Duffy to become the acting NASA administrator in July. The position had been vacant since the start of Trump’s presidency. Trump had previously nominated Musk ally Jared Isaacman, but he pulled the nomination earlier this year, saying he was a “blue blooded Democrat, who had never contributed to a Republican before.”
CNBC reported earlier this month that Trump has held talks with Isaacman to reconsider the role.
NASA is racing against China and others to get humans back to the moon for the first time since 1972. The space agency launched the Artemis project under Trump’s first administration with the goal of creating a “long-term presence” on the moon for science and tech discovery.
SpaceX won a contract to build the technology in 2021. Other contractors such as Blue Origin, Lockheed Martin and Boeing are participating in various stages of the program.
But the project has been fraught with setbacks.
NASA launched its first Artemis mission in November 2022. Last December, the agency delayed its planned Artemis missions. NASA’s first Artemis launch with astronauts is now slated for April 2026, with a third mission to land two astronauts on the Moon planned for 2027.
Now, the space agency is also grappling with the aftershocks from an ongoing government shutdown that threatens to stall any plans to reopen contracts. CNBC previously reported that NASA’s employees working on the mission with contractors will work during the shutdown.