Bitcoin Depot Hacked: 50.9 BTC Stolen from Company Wallets

US Bitcoin ATM operator Bitcoin Depot confirms hackers stole approximately 50.9 BTC from the company's own digital wallets in March 2026 — a loss of about $3.7 million.

Hackers Emptied Company's Own Crypto Accounts

Bitcoin Depot, one of the largest operators of Bitcoin ATMs in the US, has announced that the company was subjected to a data breach on March 23, 2026. According to information reported by The Block, the attackers managed to infiltrate the company's IT infrastructure and obtain login credentials related to accounts used for digital settlement trading. The result was unauthorized transfers totaling 50.9 BTC — equivalent to approximately $3.7 million at the time of the attack.

The company emphasizes that neither customer platforms nor personal data were compromised in this attack, which distinguishes the incident from a number of other similar breaches in the industry.

For the hackers, it wasn't about breaking encryption — they simply obtained the correct username and password.

Not the First Time

According to available information, this is at least the second known security breach Bitcoin Depot has been subjected to. In 2023, the company was hit by a breach that exposed personal data for nearly 27,000 customers, including names, phone numbers, addresses, dates of birth, and ID documents. The company discovered suspicious activity in June 2023 but did not conclude its internal investigation until July 2024 — and delayed public notification due to an ongoing federal investigation.

That the company is now hit again raises questions about the robustness of its internal security procedures.

A Pattern of Vulnerability in the Industry

Bitcoin Depot is not alone in its problems. In September 2024, competitor Byte Federal was subjected to a data breach that exposed personal data for approximately 58,000 users — including social security numbers and images. That breach was traced back to a vulnerability in the third-party software GitLab.

Security firm Kraken Security Labs has previously uncovered critical weaknesses in ATMs from manufacturer General Bytes, including standard administration QR codes that allowed unauthorized access. Lamassu Industries had to patch a critical flaw in 2023 that could potentially have given hackers full control over the machines.

$3.7M

Stolen from Bitcoin Depot (March 2026)

27,000

Customers exposed in 2023 breach

Human Error is the Biggest Risk

Experts consistently point to the human element as the weakest link in crypto security. Joe Dobson from Mandiant has noted that Bitcoin's decentralized nature means there is no overarching supervisory body for ATM operators, which can lead to actors deprioritizing basic security measures.

In addition to direct attacks against operators, scams targeting end-users pose a significant problem. In the first half of 2024 alone, losses related to scams via Bitcoin ATMs were estimated at $65 million, according to collected industry data.

What Happens Next?

Bitcoin Depot has not yet disclosed details about the specific security measures being implemented in the aftermath. It is also not known if anyone has been arrested in connection with the theft. 24Krypto has not received a response to its inquiry by the time of publication.

With a crypto market characterized by risk aversion — the Fear & Greed Index notes 14 out of 100 as of today — and the BTC price around $70,860, the loss represents nearly half a percentage point of what would have been the value just months ago, when Bitcoin traded closer to peak levels.