Bitcoin Depot, one of the largest Bitcoin ATM operators in the US, disclosed a material cybersecurity incident after attackers transferred 50.903 BTC from company-controlled wallets.

What the Filing Says

In an 8-K filed on April 8, the Nasdaq-listed company said it discovered on March 23 that an unauthorized party had gained access to parts of its IT environment. According to the filing, the attackers obtained credentials tied to the company’s digital asset settlement accounts, which let them move Bitcoin worth about $3.665 million at the time of the report.

The company said the incident was contained to its corporate environment and did not affect customer platforms, customer data, or other customer-facing systems based on the investigation so far. Bitcoin Depot also said it engaged outside cybersecurity specialists, notified law enforcement, and is still investigating the full scope of the breach.

Why It Matters

The disclosure is notable because Bitcoin ATM operators sit between physical cash infrastructure and on-chain settlement systems, which makes wallet controls and internal account credentials especially sensitive. Bitcoin Depot said the incident has not had a material impact on operations so far, but it still classified the breach as material because of possible legal, regulatory, response, and reputational costs.

The company recorded a preliminary loss estimate of $3.665 million and said insurance may cover some losses, though the final financial impact remains uncertain while the investigation continues.