What Happened: Bitcoin Depot Security Breach
On March 23, attackers infiltrated Bitcoin Depot's IT systems and extracted critical wallet credentials. The breach gave hackers direct access to company cryptocurrency reserves. The hack wasn't made public until April 6 when the company filed a mandatory SEC disclosure—nearly two weeks after the theft occurred.
• 50.903 BTC stolen (~$3.67 million)
• 8,700 Bitcoin Depot kiosks operating in the US alone
The Numbers: How Much Was Stolen
• Delayed disclosure of nearly 14 days
• Unknown if customer funds were affected
This breach highlights critical security failures at a company operating nearly 10,000 ATMs globally. The delayed disclosure suggests Bitcoin Depot either didn't immediately detect the hack or kept quiet to limit panic. The attackers didn't just get one password—they compromised wallet credentials themselves, meaning they had deep access to company infrastructure.
Timeline: When Was the Hack Discovered
The bigger concern: Bitcoin Depot customers have deposited millions in cash at these kiosks. If hackers accessed the company's IT systems this deeply, what's to stop them from accessing transaction records or customer data?
• Avoid storing large amounts in ATM-based purchases
• Use established exchanges with proven security records instead
This incident proves that even large, established crypto companies have serious vulnerabilities. Bitcoin ATMs have always been sketchy—poor security, high fees, and limited recourse. This hack confirms those concerns were justified.
Stay vigilant. Your crypto is only as secure as the weakest link in the chain.
📌 Bitcoin Depot hacked for $3.67 million