Bitcoin Depot Inc., the largest publicly traded Bitcoin ATM operator in the US, disclosed in an SEC filing that hackers stole 50.9 BTC worth $3.67 million from company-controlled wallets. The breach happened on March 23, but the company only disclosed it publicly on April 8. Customer-facing platforms and user data were not affected.
What was hacked and how it happened
The attackers penetrated Bitcoin Depot's IT systems and obtained credentials for what the company calls "digital asset settlement accounts." These are specialized corporate accounts used to process transactions between ATMs and the blockchain. With access to these accounts, the hackers transferred 50.9 BTC without any authorization.
The company did not disclose specifics: how exactly the attackers entered the IT infrastructure or how long they had access. External cybersecurity experts brought in after the breach was discovered are investigating the attack vector.
Response: protocols, investigation, law enforcement
Bitcoin Depot activated its incident response protocols immediately after discovering the breach. External cybersecurity specialists were engaged to investigate the attack and secure remaining assets. Law enforcement was notified, though the company did not specify which agencies are involved.
No public statements beyond the SEC filing have been made as of this writing. Decrypt reached out to a company spokesperson but did not receive a response.
Material loss and BTM shares
The company classified the breach as a "material incident" — the term that requires US public companies to notify the SEC. Beyond the direct $3.67 million loss, Bitcoin Depot acknowledges potential reputational damage and legal, regulatory, and incident response costs. BTM shares rose 15% during the trading day to $2.74, then ticked down after hours following the SEC disclosure. Over the past 30 days, the stock is down 44%.
Why ATM operators are a target
Bitcoin ATM operators make attractive targets because they must maintain large crypto reserves at all times to process customer transactions. An ATM where someone can buy BTC with cash means a corporate reserve sitting somewhere at the other end of the chain — and that reserve is what attackers are after.
These companies face a compounding challenge: they combine physical infrastructure (terminals in stores and shopping centers) with digital storage and settlement systems. More surfaces means more entry points for an attack.
This is the second known security incident at Bitcoin Depot. In 2023, hackers accessed personal data for 58,000 users. After that, the company tightened identity verification requirements for ATM transactions. This time, the attack focused on corporate systems rather than customer data.
A corporate system hack, not a blockchain hack
The Bitcoin Depot breach once again confirms: in crypto, attackers go after people and systems, not the blockchain itself. Nobody hacked Bitcoin's protocol — the breach came through corporate IT infrastructure, where access security to internal systems turned out to be the weak spot.
Those looking for reliable options to sell Bitcoin for Ukrainian hryvnia can compare exchanger ratings on Kurslog — the platform lists only verified services with user reviews.
Comments
Your email address will not be published. Required fields are marked *