Bitcoin Depot, the world's largest Bitcoin ATM operator, has disclosed a significant security breach resulting in the theft of 50.9 BTC, valued at approximately $3.66 million. The incident, which occurred on March 23, 2026, was detailed in a formal filing with the U.S. Securities and Exchange Commission (SEC). Hackers infiltrated the company's IT systems and gained control of credentials linked to its internal cryptocurrency settlement accounts, facilitating the unauthorized withdrawals.
The company confirmed that customer platforms, personal data, and funds were not affected, as the compromised account was used solely for internal settlement processes with its network of over 7,000 kiosks across North America. Bitcoin Depot activated its incident response protocol immediately, engaging external cybersecurity experts and notifying law enforcement. The investigation with third-party specialists is ongoing.
Despite the financial loss, Bitcoin Depot's stock (BTM) closed up 15.6% at $2.74 on the day of the disclosure. The company recorded a preliminary loss of $3.665 million but noted it carries cybersecurity insurance that may partially cover the losses. It stated the breach is not expected to have a material impact on its overall financial condition.
The breach adds to existing pressures on the company, which recently faced regulatory action in Connecticut over fee violations and anticipates a 30-40% decline in core revenue for 2026 due to state regulations and compliance requirements. The SEC filing, mandated under Regulation FD, ensures transparency for investors and will likely trigger increased regulatory scrutiny on cybersecurity standards for public companies holding digital assets.
