Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to Decrypt, Bitcoin ATM operator Bitcoin Depot disclosed in a filing with the U.S. Securities and Exchange Commission that it experienced a security breach on March 23. Approximately 50.9 BTC, valued at around $3.665 million, was stolen by attackers. The hackers infiltrated the company’s IT systems and obtained credentials for its digital asset settlement accounts, enabling unauthorized fund transfers. Bitcoin Depot stated that it has activated its incident response procedures, engaged external cybersecurity experts to investigate the attack vector and secure remaining assets, and notified law enforcement authorities. The company also noted that its customer platform and user data were not affected by the breach. Attack method (per SlowMist): Credential Compromise. Reported loss: $ 3,665,000.
- chain
- bitcoin
- protocol
- Bitcoin Depot
- bug_class
- private-key
- date_occurred
- 2026-03-23
- loss_usd
- $3,665,000
- source_id
- sm:bitcoin-depot::2026-03-23