Bitcoin Depot Loses $3.6M in Crypto Hack

A major operator of Bitcoin ATMs has reported a significant security breach, with attackers stealing over $3.6 million in cryptocurrency. Bitcoin Depot, which runs a global network of more than 25,000 kiosks and generated $615 million in revenue last year, disclosed the incident in a recent regulatory filing. The company detected suspicious activity within its corporate IT systems on March 23, 2026, prompting an immediate response.

Upon investigation, it was determined that an unauthorized party had gained access and stolen credentials for digital asset accounts. The attackers successfully transferred approximately 50.903 Bitcoin from company-controlled wallets before their access was cut off. At the time of the report, the stolen cryptocurrency was valued at roughly $3.665 million. In its statement, Bitcoin Depot emphasized that the breach was contained to its corporate environment and did not impact customer platforms or data.

The company activated its incident response protocols swiftly, engaging external cybersecurity experts and notifying law enforcement. While Bitcoin Depot maintains insurance for such cyber-attacks, it cautioned that the coverage may not be sufficient to cover all direct losses from this event. The firm also acknowledged the material nature of the breach due to potential reputational damage and various legal and regulatory costs.

This is not the company’s first security issue. Last year, Bitcoin Depot notified nearly 26,000 individuals about a separate data breach from 2024, where personal information including names, addresses, and driver’s license numbers was compromised. The cryptocurrency ATM sector has seen similar incidents, with competitor Byte Federal disclosing a data breach affecting 58,000 customers in late 2024.