**Bitcoin Depot**, which manages over 25,000 Bitcoin ATMs and BDCheckout locations globally, disclosed the incident in a filing with the U.S. Securities and Exchange Commission (SEC). ### Incident Details The company detected suspicious activity on March 23rd, 2026, triggering its incident response protocols. Despite immediate containment efforts, attackers managed to compromise credentials for digital asset settlement accounts. This allowed them to transfer approximately 50.903 Bitcoin from **Bitcoin Depot**-controlled wallets before access was revoked. "On March 23, 2026, Bitcoin Depot Inc. (the "Company") discovered that an unauthorized party gained access to certain of its information technology systems. Upon detection, the Company promptly activated its incident response protocols, engaged external cybersecurity experts, and notified law enforcement," the company stated. According to **Bitcoin Depot**, the attack was isolated to its corporate environment and did not impact customer platforms, divisions, systems, data, or environments. ### Investigation and Remediation **Bitcoin Depot** has engaged external cybersecurity experts to investigate the breach and has also notified law enforcement. The company is exploring potential insurance coverage but acknowledges that it might not fully cover all resulting losses. "On April 6, 2026, the Company nevertheless determined that the incident is material in light of potential consequences of the incident, including reputations harm, legal, regulatory and response costs," the filing states. ### History of Security Incidents This incident follows a 2024 data breach where nearly 26,000 **Bitcoin Depot** users were notified that their personal information (including names, addresses, dates of birth, driver's license numbers, email addresses, and phone numbers) had been compromised. In a similar incident, **Byte Federal**, another U.S. Bitcoin ATM operator, disclosed a breach in December 2024 affecting 58,000 customers.