$3.6 Million Stolen in Bitcoin Depot Hack

Summary

Bitcoin Depot, the largest U.S. Bitcoin ATM operator, disclosed a March 23 intrusion where attackers stole credentials for digital asset settlement accounts and transferred approximately 50.903 bitcoin ($3.6M) from company wallets. The company stated the incident was contained to its corporate environment and did not affect customer platforms or data. This is Bitcoin Depot's second major security incident in a year, following a data breach in July 2025 affecting 26,000 individuals' personal information.

Full text

Bitcoin Depot (NASDAQ: BTM), the largest Bitcoin ATM operator in the United States, reported on Wednesday that millions of dollars worth of bitcoin were stolen by hackers from its wallets. The company disclosed in an SEC filing that it detected an intrusion into its IT systems on March 23. The attacker obtained credentials for digital asset settlement accounts, enabling them to steal roughly 50.903 bitcoin (worth approximately $3.6 million) from Bitcoin Depot wallets. “The Company further believes that the incident was contained to the Company’s corporate environment and did not affect the Company’s customer platforms, divisions, systems, data or environments,” Bitcoin Depot stated. The company’s investigation into the full extent of the incident is ongoing. It says the attack has not had a material impact on operations, but it may incur reputational, legal, incident response, and regulatory costs. “The Company has recorded a preliminary estimate of loss of approximately $3.665 million, representing the fair value of the Bitcoin transferred without authorization as of the date of the incident. The ultimate impact may differ from this estimate as the investigation continues,” Bitcoin Depot said in the SEC filing. Advertisement. Scroll to continue reading. “The Company maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, but there can be no assurance that such coverage will be sufficient to recover any or all losses incurred as a result of this incident,” it added. In July 2025, Bitcoin Depot notified more than 26,000 individuals of a data breach that had occurred a year earlier. Hackers who gained access to the company’s systems obtained files that stored personal information, including names, phone numbers, email addresses, dates of birth, physical addresses, and driver’s license numbers. Bitcoin Depot said at the time that its disclosure was delayed by a year due to a law enforcement investigation. News of the latest Bitcoin Depot hack comes just days after threat actors believed to be operating out of North Korea stole $285 million from the DeFi platform Drift in a carefully planned attack. Related: Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption Related: US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator Related: $29 Million Worth of Bitcoin Seized in Cryptomixer Takedown Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Severe StrongBox Vulnerability Patched in AndroidGPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack White House Seeks to Slash CISA Funding by $707 MillionWynn Resorts Says 21,000 Employees Affected by ShinyHunters HackT-Mobile Sets the Record Straight on Latest Data Breach FilingApple Rolls Out DarkSword Exploit Protection to More DevicesCybersecurity M&A Roundup: 38 Deals Announced in March 2026Toy Giant Hasbro Hit by Cyberattack Latest News Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for LongData Leakage Vulnerability Patched in OpenSSLRCE Bug Lurked in Apache ActiveMQ Classic for 13 YearsFBI: Cybercrime Losses Neared $21 Billion in 2025Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption Evasive Masjesu DDoS Botnet Targets IoT DevicesHackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to TakeoverUS Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MovePamela McLeod has been named as CISO of the state of New Hampshire.Aspen Digital has named Matt Altomare as its new Senior Director for Cybersecurity Programs.Scott Goree has been appointed Senior Vice President of Channel and Alliances at Delinea.More People On The MoveExpert Insights The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — credential theft attack

Entities