Bitcoin Depot, a major operator of Bitcoin ATMs worldwide, has disclosed that hackers stole around 50.9 Bitcoin—valued at roughly 3.665 million dollars—from its corporate wallets after breaching its IT systems in March 2026. The company, which runs more than 25,000 crypto ATMs and BDCheckout locations, first detected suspicious activity on March 23 and later confirmed that attackers had accessed internal infrastructure and exfiltrated digital‑asset credentials.
Modus operandi
Investigators believe the attackers compromised Bitcoin Depot’s corporate environment and obtained login details for the firm’s digital‑asset settlement accounts. Using these stolen credentials, the hackers transferred about 50.9 Bitcoin from company‑controlled wallets to an attacker‑controlled address before Bitcoin Depot managed to cut off access. The theft was identified shortly after the illicit transfers, prompting the company to activate its incident‑response playbook and engage third‑party cybersecurity experts.
Bitcoin Depot emphasized that the incident was limited to its corporate systems and did not reach its customer platforms, transaction environments, or user data.In an SEC filing, the firm stated that customer accounts, transaction data, and ATM networks remained unaffected, though the breach could still generate reputational and legal fallout. The company has also notified law enforcement and regulators, with the investigation still ongoing and the full consequences not yet fully known.
Financial and operational implications
The loss of roughly 3.665 million dollars represents a direct hit to Bitcoin Depot’s corporate holdings, though the company does carry cyber‑attack insurance that may offset some of the damages. Despite the theft, Bitcoin Depot underlined that its ATM operations continue normally and that no customer funds stored in personal wallets were touched. Nonetheless, the episode comes as a reminder that even large crypto‑infrastructure players remain attractive targets for well‑funded cybercriminals.
This incident highlights how stolen credentials and access to settlement wallets can quickly translate into multi‑million‑dollar losses, even when customer platforms themselves are not directly breached. For crypto service providers, it underscores the need for strong identity and access controls, multi‑factor authentication on treasury systems, and continuous monitoring of internal traffic around critical accounts. For users, the takeaway is that while individual wallets may stay safe, the broader ecosystem still depends on how well companies like Bitcoin Depot protect their own infrastructure.