Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1814+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Hackers Steal $3.6 Million from Crypto ATM Giant Bitcoin
Hackers Steal $3.6 Million from Crypto ATM Giant Bitcoin
NEWS

Hackers Steal $3.6 Million from Crypto ATM Giant Bitcoin

Bitcoin Depot, operator of one of the largest Bitcoin ATM networks in North America, disclosed that attackers stole $3.665 million in Bitcoin from its hot...

Dylan H.

News Desk

April 9, 2026
4 min read

Bitcoin Depot, the operator of one of North America's largest Bitcoin ATM networks, has confirmed that attackers breached its systems and stole approximately $3.665 million worth of Bitcoin from its crypto wallets. The company disclosed the incident after the breach, which reportedly occurred in March 2026, came to light this week.

What Happened

According to the disclosure, attackers successfully compromised Bitcoin Depot's internal systems and gained access to the company's cryptocurrency hot wallets — wallets connected to the internet for operational use. The breach resulted in the unauthorized transfer of $3.665 million in Bitcoin to attacker-controlled addresses.

Bitcoin Depot operates thousands of Bitcoin ATMs across the United States, Canada, and internationally, making it one of the largest crypto ATM operators by machine count. The company's ATM network allows customers to purchase and in some cases sell Bitcoin using cash at physical kiosk locations.

Timeline

DateEvent
March 2026Breach occurs — attackers access Bitcoin Depot systems
April 2026Company discovers and confirms the theft
April 9, 2026Public disclosure reported by BleepingComputer

Hot Wallet Targeting

The theft of funds from hot wallets (internet-connected wallets) rather than cold storage (offline wallets) is consistent with a common pattern in crypto exchange and operator breaches. Hot wallets hold funds needed for day-to-day operational liquidity — in Bitcoin Depot's case, maintaining the float needed to dispense Bitcoin at ATM locations.

This makes hot wallets an inherently higher-risk asset:

Wallet TypeRisk ProfileUse Case
Hot WalletHigh — internet-connectedOperational liquidity, ATM float
Cold StorageLow — offlineLong-term reserve holdings

Exchanges and ATM operators face a difficult balancing act: they need sufficient hot wallet balances to serve customers in real time, but larger balances increase potential theft exposure.

Industry Context

Bitcoin ATM operators have become recurring targets for cybercriminals due to the nature of their operations:

  • They handle large volumes of cash-equivalent cryptocurrency transactions daily
  • Hot wallet balances must remain liquid and accessible
  • Their networks span physical infrastructure that adds complexity to security management
  • Crypto transactions are irreversible — once funds are transferred, recovery is extremely difficult

This incident follows a broader trend of crypto infrastructure targeting. In recent months, crypto exchanges, DeFi platforms, and ATM operators have collectively lost hundreds of millions of dollars to similar attacks — with the Drift platform hack ($280 million) and Truebit DeFi incident ($26.5 million) occurring in the same quarter.

Company Response

Bitcoin Depot has not publicly detailed the specific attack vector or technical details of how its systems were breached. Companies in these situations typically:

  • Engage cybersecurity incident response firms
  • Notify relevant financial regulators and law enforcement (including FinCEN, given Bitcoin Depot's registered MSB status)
  • Conduct forensic analysis to determine the full scope of the breach
  • Review and harden wallet security practices

The stolen funds — once transferred in Bitcoin — are traceable on the blockchain but recovery is extremely rare absent cooperation from exchanges or law enforcement action against the perpetrators.

Implications for Crypto ATM Security

For the broader crypto ATM industry, this breach underscores several security imperatives:

  1. Minimize hot wallet exposure — Keep only minimum operational float in hot wallets; move excess to cold storage daily
  2. Multi-signature authorization — Require multiple independent approvals for large wallet transactions
  3. Behavioral anomaly detection — Monitor for unusual transaction volumes or destination patterns
  4. Access control hardening — Restrict who can initiate wallet transfers and from which systems
  5. Incident response planning — Have documented procedures for halting transactions if a breach is detected

Bitcoin Depot customers who use ATMs for legitimate transactions are not believed to be directly impacted — the theft was from the company's operational reserves, not individual customer funds.


Source: BleepingComputer — Crypto ATM giant Bitcoin Depot says hackers stole $3.6 million from its wallets

Related Reading

  • Cryptocurrency ATM Giant Bitcoin Depot Reports $3.6 Million
  • Telus Digital Confirms Massive Breach After ShinyHunters
  • Navia Discloses Data Breach Impacting 2.7 Million People
#Data Breach#Cryptocurrency#Bitcoin#Bitcoin Depot#Crypto ATM#Financial Crime#BleepingComputer

Related Articles

Cryptocurrency ATM Giant Bitcoin Depot Reports $3.6 Million

Bitcoin Depot, one of North America's largest Bitcoin ATM operators, has filed an SEC disclosure revealing a cyberattack in which threat actors gained...

4 min read

DHS Confirms Hackers Breached HSIN Federal Info-Sharing Platform

The Department of Homeland Security confirmed threat actors compromised the Homeland Security Information Network, an unclassified platform used by...

3 min read

NAIC Says Only Public Data Stolen in ShinyHunters PeopleSoft Breach

The National Association of Insurance Commissioners confirms ShinyHunters exploited an Oracle PeopleSoft zero-day but says only publicly available data,...

4 min read
Back to all News