Bitcoin Depot Reports $3.6M Crypto Theft After System Breach
Bitcoin Depot disclosed a cyber-attack on its internal systems that led to the theft of 50.903 Bitcoin (~$3.66M) on March 23, 2026.
Bitcoin Depot, one of the largest Bitcoin ATM operators globally, disclosed a cyber-attack on its internal systems that resulted in the theft of 50.903 Bitcoin, valued at approximately $3.66 million. The company detected unauthorized access to parts of its IT infrastructure on March 23, 2026, triggering an immediate incident response. According to a regulatory filing, attackers had already gained access to credentials linked to digital asset settlement accounts, allowing them to transfer the cryptocurrency out of company-controlled wallets before being blocked.
The breach was contained within Bitcoin Depot's corporate environment, and the company emphasized that customer-facing platforms and customer data were not affected. Bitcoin Depot operates over 25,000 Bitcoin ATMs and BDCheckout locations globally and reported $615 million in revenue in 2025. The company initiated its incident response protocols, brought in external cybersecurity specialists, and notified law enforcement agencies as part of the ongoing investigation.
Bitcoin Depot outlined several potential consequences tied to the breach, including reputational damage, legal and regulatory exposure, and incident response costs. The company described the incident as material on April 6, citing these possible impacts. While it carries cyber insurance, it cautioned that coverage may not fully offset the losses. The final financial impact could differ from the initial estimate, and the investigation remains ongoing.
This incident follows a previous security issue at Bitcoin Depot in 2025, when the company disclosed a data breach affecting nearly 26,000 individuals. That breach was linked to an earlier intrusion where attackers accessed sensitive personal information, including names, addresses, and identification details. The latest theft reflects a broader pattern of attacks targeting cryptocurrency platforms, including a recent $285 million theft from a decentralized finance platform attributed to suspected North Korean threat actors.
The cryptocurrency industry continues to face sophisticated cyber threats, with attackers increasingly targeting internal systems and settlement accounts rather than customer-facing platforms. Bitcoin Depot's experience underscores the importance of securing credentials and implementing robust access controls for digital asset management. The company's response, including engagement with external experts and law enforcement, highlights the need for rapid containment and transparency in the wake of such incidents.