Bitcoin Depot Reports $3.665M Bitcoin Theft

Bitcoin Depot Inc., a financial services company that operates the largest Bitcoin ATM network in North America, has disclosed a cybersecurity incident that resulted in the theft of approximately $3.665 million in Bitcoin from company-controlled wallets.

The incident was disclosed to the U.S. Securities and Exchange Commission on April 8, 2026. Bitcoin Depot first discovered the unauthorized activity on March 23, 2026. No total number of affected consumers has been reported.

What happened in the Bitcoin Depot data breach

The company discovered on March 23, 2026, that an unauthorized party had gained access to certain of its information technology systems. The company's investigation found that the unauthorized actor obtained control of credentials associated with Bitcoin Depot's digital asset settlement accounts.

Using those compromised credentials, the attacker transferred approximately 50.903 Bitcoin from company-controlled wallets without authorization. The stolen cryptocurrency was valued at approximately $3.665 million as of the date of the SEC filing.

The company recorded this figure as a preliminary estimate of loss, noting that the ultimate financial impact may differ as the investigation continues.

Bitcoin Depot stated that the incident was contained to its corporate environment. The breach did not affect customer platforms, divisions, systems, data or environments.

The company has not identified evidence that customer personally identifiable information was accessed or exfiltrated in connection with the incident. However, the investigation remains ongoing, and the full scope, nature and impact of the incident are not yet completely known.

Bitcoin Depot's response to the breach

As part of its ongoing remediation efforts, Bitcoin Depot stated that it is working with outside cybersecurity specialists to further reinforce its information technology systems and to prevent future unauthorized access.

Bitcoin Depot maintains insurance coverage that may apply to certain losses associated with cybersecurity incidents.

Bitcoin Depot stated it will amend its SEC filing as additional information about the incident is determined or becomes available.

Steps to take if you are a Bitcoin Depot customer

Although Bitcoin Depot has stated that customer data does not appear to have been affected by this incident, the investigation is still ongoing. As a precaution, the following steps may help protect personal and financial information.

• Review your Bitcoin Depot account activity for any unauthorized or unfamiliar transactions and report anything suspicious to the company at support@bitcoindepot.com or 678-435-9604.
• Update your passwords on your Bitcoin Depot account and any other accounts where you may use similar login credentials, choosing strong and unique passwords for each.
• Enable two-factor authentication on your cryptocurrency and financial accounts to add an extra layer of security beyond just a password.
• Check your credit reports at AnnualCreditReport.com for any unfamiliar accounts or inquiries that could indicate misuse of personal information.
• Be cautious of phishing attempts that reference Bitcoin Depot or this breach by name, as scammers often exploit news about security incidents to trick people into sharing personal details or clicking on harmful links.