Bitcoin Depot, the leading operator of Bitcoin ATMs in the United States, recently disclosed a security breach that resulted in the theft of approximately 3.6 million dollars worth of cryptocurrency. The company reported that hackers gained access to its IT systems and obtained credentials to settlement accounts, though they maintain that customer platforms and data remain unaffected by the intrusion.

The largest Bitcoin ATM operator in the United States, Bitcoin Depot, recently announced that it fell victim to a significant cyberattack resulting in the loss of millions of dollars in digital assets. According to an official filing with the Securities and Exchange Commission, the company identified an unauthorized intrusion into its internal IT systems on March 23. This security breach allowed attackers to acquire sensitive credentials for digital asset settlement accounts, which were then used to facilitate the transfer of approximately 50.903 bitcoin out of the company’s wallets.

Despite the scale of the financial loss, Bitcoin Depot has emphasized that the incident appears to have been limited to its corporate IT environment. The company stated that there is currently no evidence to suggest that customer platforms, systems, or personal data were compromised during this specific event. While the financial impact is notable, the firm believes the attack has not had a material effect on its day-to-day operations, though it is bracing for potential costs related to legal fees, regulatory inquiries, and incident response efforts.

In its financial assessment of the situation, the company has recorded a preliminary loss estimate of roughly 3.665 million dollars, based on the market value of the stolen bitcoin at the time of the transfer. Bitcoin Depot noted that it does maintain insurance coverage for cybersecurity incidents, but it warned investors that there is no guarantee the policy will fully cover the losses sustained. The investigation into the full scope of the breach is still ongoing, and final figures may change as more details emerge.

This is not the first time the company has faced significant security challenges, as it previously notified over 26,000 individuals about a separate data breach that occurred in 2024. In that prior instance, hackers managed to access files containing highly sensitive personal information, including driver's license numbers and home addresses. The disclosure of that particular breach was delayed by a full year, a move the company attributed to a request from law enforcement during an active investigation.

The news of this latest theft comes during a period of heightened activity for crypto-related cybercrime, following closely after a massive 285 million dollar exploit of the Drift decentralized finance platform. These recurring incidents highlight the persistent vulnerabilities within the digital asset industry, even for established public companies. As Bitcoin Depot continues its forensic review, the industry remains on high alert regarding the sophisticated methods used by threat actors to target institutional wallets.

Source: https://www.securityweek.com/3-6-million-stolen-in-bitcoin-depot-hack/