Bitcoin Depot disclosed a cyberattack in an April 8 filing with the U.S. Securities and Exchange Commission (SEC) after an attacker gained access to internal systems and transferred close to 50.9 BTC. The stolen amount was valued at about $3.66 million at the time of the report. The incident puts fresh focus on security risks tied to cryptocurrency infrastructure providers.

What happened inside the breach

According to the company’s Form 8-K, the breach was discovered on March 23, when an unauthorized party accessed parts of its IT systems and obtained credentials tied to digital asset settlement accounts.

The attacker used that access to move Bitcoin from company-controlled wallets without authorization. Bitcoin Depot said it activated its response procedures immediately, brought in external cybersecurity specialists, and notified law enforcement.

The company stated that the breach happened in its corporate environment and did not impact customer-facing systems or user data. It also said there is no evidence that personal information was accessed, though the investigation is ongoing.

How this weighs on crypto infrastructure

Even though the company managed to relatively contain the financial impact, the disclosure is important because of where it happened. Bitcoin Depot operates one of the largest Bitcoin ATM networks, acting as an entry point for retail users into crypto.

The company said the incident has not materially affected operations so far, but still classified it as material due to potential legal, reputational, response, and other costs. It has also recorded a preliminary loss of $3.665 million and noted that insurance may cover part of the damage.

But the broader takeaway is more about the attack surface. Infrastructure providers hold keys, process transactions, connect users to the network, and do other sensitive work. That makes them targets.

Security incidents like this tend to ripple beyond one company. They feed into how investors and users evaluate trust in crypto on-ramps, especially as the industry pushes further into regulated markets.