The U.S. Securities and Exchange Commission filed a document for the breach. On March 23, an unauthorized person accessed Bitcoin Depot’s internal IT system. This gave them access to all of their digital wallet account information as well as their company’s digital wallet. The attacker made unauthorized transfers of about 50.9 BTC▼$61,360.00 from company-controlled accounts into unknown accounts.
Bitcoin Depot immediately initiated its Incident Response Plan. It contacted outside cybersecurity experts who were able to examine the entry point of the intruder. They contained the breach and secured what remained of the company’s funds. Bitcoin Depot also notified Law Enforcement. However, the company has not indicated how many Law Enforcement agencies have been notified.
Related: Bitcoin ETFs in March 2026 Post $1.32 Billion Net Inflows
It is important to note that Bitcoin Depot stated that the breach did not affect customer-facing systems. Therefore, no user information appears to be at risk due to this breach.
While there was no public announcement outside of a regulatory filing, the company characterized this event as material to their business. Beyond the financial impact that is estimated to be approximately $3.665 million in terms of lost Bitcoins (based upon the then-current price of Bitcoin) — they also identified possible reputational risk, liability risks associated with compliance/ regulatory obligations, and potential costs related to responding to an incident.
The company did not indicate whether it has cyber liability insurance or crime insurance to protect itself from potential losses associated with the loss of digital assets. Additionally, the company did not disclose further details about how the loss may negatively impact the liquidity of its entire network of crypto-ATMs globally.
Related: Crypto ATM: How Bitcoin ATMs Work and Where to Find Them
This type of breach illustrates another growing concern in the industry: that crypto ATM companies are now being targeted by hackers due to the large amount of cash on reserve for immediate physical and online transactions. Since these businesses exist where the traditional cash-based system meets the responsibility for handling digital assets, they present a combination of risk factors that are complex and vulnerable.
At a minimum, this data breach marks the second time that there has been a report of a breach to Bitcoin Depot’s security. In 2023, approximately 58,000 users had their personal information compromised due to another breach. Following the initial breach, Bitcoin Depot adopted enhanced compliance policies, including greater identity verification requirements due to increased regulatory supervision.
However, the market was divided on how it would react. On the day of the announcement, the stock price for BTM (Bitcoin Depot) rose 15% from opening until closing, but fell significantly once again when the post-market hours opened. Since announcing the data breach, the company’s stock price has fallen by over 44% within the last thirty days.
