Bitcoin Depot (NASDAQ: BTM), the largest Bitcoin ATM operator in the United States, reported on Wednesday that millions of dollars worth of bitcoin were stolen by hackers from its wallets.
The company disclosed in an SEC filing that it detected an intrusion into its IT systems on March 23.
The attacker obtained credentials for digital asset settlement accounts, enabling them to steal roughly 50.903 bitcoin (worth approximately $3.6 million) from Bitcoin Depot wallets.
“The Company further believes that the incident was contained to the Company’s corporate environment and did not affect the Company’s customer platforms, divisions, systems, data or environments,” Bitcoin Depot stated.
The company’s investigation into the full extent of the incident is ongoing. It says the attack has not had a material impact on operations, but it may incur reputational, legal, incident response, and regulatory costs.
“The Company has recorded a preliminary estimate of loss of approximately $3.665 million, representing the fair value of the Bitcoin transferred without authorization as of the date of the incident. The ultimate impact may differ from this estimate as the investigation continues,” Bitcoin Depot said in the SEC filing.
“The Company maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, but there can be no assurance that such coverage will be sufficient to recover any or all losses incurred as a result of this incident,” it added.
In July 2025, Bitcoin Depot notified more than 26,000 individuals of a data breach that had occurred a year earlier. Hackers who gained access to the company’s systems obtained files that stored personal information, including names, phone numbers, email addresses, dates of birth, physical addresses, and driver’s license numbers.
Bitcoin Depot said at the time that its disclosure was delayed by a year due to a law enforcement investigation.
News of the latest Bitcoin Depot hack comes just days after threat actors believed to be operating out of North Korea stole $285 million from the DeFi platform Drift in a carefully planned attack.
Related: Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
Related: US Shuts Down Crypto Exchange E-Note, Charges Russian Administrator
Related: $29 Million Worth of Bitcoin Seized in Cryptomixer Takedown
