[kyledrake]

I've helped work on Project Skyhook, which is a $1000 Bitcoin ATM: http://projectskyhook.com

Orders ship within 2-3 weeks. Shipping to Canada is no problem, customs is no problem. Assembly is in Portland, Oregon, so it's a quick ship to Vancouver. We've shipped hundreds of units.

Setup is completely on the owner's end. Owners don't need the company to configure the unit, and the company doesn't need to run servers for them. Skyhook ATMs use blockchain.com for the wallets (using accounts the owner creates independently), and the exchange price source is the owner's choice, all controlled through the interface. This isn't to avoid having a setup phase - it's to allow owners to have complete control over their money, because then it's a trustless system (the source code to the ATMs is open and auditable: https://github.com/projectskyhook).

I'm astounded at the prices on some of these ATMs. For $25,000 they could have ordered 24 Skyhooks (a little padding for shipping, which I believe can be palleted to save money). Bitcoin ATMs shouldn't cost the down payment on a house, IMHO.

Skyhook is also completely bootstrapped by the founders (no VCs) and a result of that (and careful burn rate management) is now profitable, despite the low price point. The cofounders have been using some of the money (and their free time) to help clean up and build out a new hacker/makerspace in Portland that's going to be awesome. Easily the best group of people I've ever had the privilege to work with.

I wish more people approached startups this way. There's a real pride to making companies on your terms that you control, and succeeding at it. Startups shouldn't be about overvaluing your company and having Kid Rock do a rock concert in your back yard.

[jboggan]

The physical security on units such as these, or the majority of newly manufactured Bitcoin ATMs, is a joke. There's a good reason to build a large, heavy safe into an ATM, and all but the very strongest and most expensive can be broken into trivially. Bitcoin ATMs are even worse than cash ATMs from this perspective because physical compromise of the machine potentially nets you private keys.

Small/cheap units like this also don't support industry standard features like Mas locks or other one-time-combination locks to allow third party security and cash replenishment organizations to service them. [0] A used Mas lock (or its equivalent) will run you at least $500 and newer units are easily over $1,000 [1]

I'm speaking as a former ATM technician.

0 - http://www.kaba-mas.com/kaba-brand/products/366024/cencon.ht... 1 - http://www.jmacsupply.com/Kaba_Mas_X09SRD00FZJEZ1A_p/KABA-MA...

[kyledrake]

I agree with you that the locks aren't the best possible. Skyhooks wouldn't be a particularly great choice for an outdoor mall or a shady alleyway (they're not waterproof anyways), but they're perfect for cafes, small businesses, meetups, etc. I haven't heard a single report of a stolen or compromised Skyhook yet, and hundreds have been shipped. I don't think this is as big of a problem as it's made out to be.

Instead of making the entire unit expensively heavy, we opted to provide a way to bolt the unit onto something else, via 4 thick screws on the bottom of the unit with a heavy mounting plate, and supply that with purchase. That way, the ATM is either portable (a lot of people like to take them to Bitcoin meetups or swaps), or you can optionally secure it to something very difficult to steal. That way, you get a choice.

If the unit is removed from the wall, the unit detects that it has been powered off and locks the system, requiring the operator password to unlock it. It's not perfect security, but it's pretty good.

Skyhooks don't have protection from Denial of Service attacks from God yet though, unfortunately: http://www.coindesk.com/arizonas-first-bitcoin-atm-struck-li...

[iancarroll]

If the password on boot option actually encrypts something, wouldn't that solve the problem?

[kyledrake]

That's what it currently does.

[axoltl]

The code seems to suggest this was written by someone that isn't all that versed in crypto, which is more than a little worrying for an ATM:

hash_pbkdf2('sha256', $password, $salt, self::ITERATIONS, $saltSize, true);

where self::ITERATIONS is 500. That's extremely low.

Furthermore, they're using CBC mode encryption for the 'config' file rather than an authenticated cipher. The only 'authentication' there is is whether the file inflates. Because the IV is in the encrypted file (and I can pick any password), I can make the first block decrypt as anything. Depending on when gzinflate throws an error, I could potentially make the decrypt succeed with just control over the first block.

Neither of the issues is (in this case, because it's 'just' the config file encryption) probably anything to especially worry about, but it does show that other, more critical, parts of the codebase might not be up to snuff.