Bitcoin Depot Cyberattack Steals $3.6M from Crypto ATMs

Bitcoin Depot lost $3.6 million USD in a cyberattack on its crypto ATM wallets April 11, 2026. The breach exposes fintech risks amid rising hacks.

Bitcoin Depot cyberattack stole $3.6M USD from its crypto ATM hot wallets on April 11, 2026. Hackers gained access via phishing and malware. Firm detected breach at 2:14 a.m. ET.

Bitcoin Depot runs 8,000+ ATMs across North America with 29% U.S. market share (Coin ATM Radar, Q1 2026). Machines let users buy BTC and ETH with cash; industry handles $1.2B USD monthly.

Bitcoin Depot Cyberattack Mechanics

April 10: Attackers phished employees, deployed malware to steal MFA codes and keys. At 2:14 a.m. ET April 11, hackers drained 48.4 BTC ($3.5M USD) and 1,600 ETH ($100K USD) to mixer addresses (Etherscan).

Recorded Future News reviewed logs: intrusion via compromised VPN. Mandiant attributes attack to North Korea's Lazarus Group, which stole $600M USD from Ronin (2022, U.S. Treasury) and $100M USD from Harmony Horizon.

Lazarus phishing leads to wallet drains. Chainalysis: 70% of 2025 crypto hacks hit bridges and hot wallets.

Immediate Response

Bitcoin Depot shut all 8,000 ATMs by 6 a.m. ET and isolated systems. Hired CrowdStrike for forensics, Fireblocks for recovery. CEO David Grindlay: "Customer funds secure in cold storage (95% reserves, Q1 2026 OTC filing)."

Hot wallets held 5% for liquidity. Firm reimburses users, upgrades to multi-sig. Ops paused to April 14, cutting $50M USD weekly volume.

Stock and Market Fallout

Shares plunged 15% to $1.42 USD on OTCQX, erasing $30M USD from $200M cap. Volume spiked 500% (OTC Markets).

BTC rose 1% to $72,970 USD; ETH +2.2% to $2,244 USD. Crypto Fear & Greed Index fell to 15 (extreme fear), Alternative.me.

Fintech Vulnerabilities Exposed

ATMs rely on centralized servers and APIs, single failure points. 37,000 global units; North America 65% volume (Coin ATM Radar). Chainalysis 2025: 70% hacks target wallets/bridges.

Bitcoin Depot fined $1.5M USD by FinCEN (2024 AML). Bitstop added HSMs (2025), cut risks 60%. Bitcoin Depot lagged zero-trust (Recorded Future).

Lightning ATMs cut server dependence 80% via P2P, no hot wallets.

Recovery and Regulation

Bitcoin Depot allocates $5M USD, partners Elliptic for tracing. Lazarus recoveries average 20% (Chainalysis mixers).

Sen. Cynthia Lummis' Crypto Stability Act (April 10, 2026) mandates SOC 2, cold storage for fintechs. Targets ATMs after 150% hack surge since 2024.

ATM installs fell 10% Q1 2026; Coinbase Wallet grew 25% YoY. Bitcoin Depot must audit security.

Long-Term Outlook

This Bitcoin Depot cyberattack spotlights state-sponsored fintech risks. Quantum encryption and AI detection will lead. Bitcoin Depot targets 10,000 ATMs by 2027 with defenses. Crypto's $2.5T USD market needs resilience after $3.7B USD 2025 hacks.

Bitcoin Depotcrypto ATMcryptocurrency theft

Bitcoin Depot cyberattack stole $3.6M USD from its crypto ATM hot wallets on April 11, 2026. Hackers gained access via phishing and malware. Firm detected breach at 2:14 a.m. ET.

Bitcoin Depot runs 8,000+ ATMs across North America with 29% U.S. market share (Coin ATM Radar, Q1 2026). Machines let users buy BTC and ETH with cash; industry handles $1.2B USD monthly.

Bitcoin Depot Cyberattack Mechanics

Lazarus phishing leads to wallet drains. Chainalysis: 70% of 2025 crypto hacks hit bridges and hot wallets.

Immediate Response

Hot wallets held 5% for liquidity. Firm reimburses users, upgrades to multi-sig. Ops paused to April 14, cutting $50M USD weekly volume.

Stock and Market Fallout

Shares plunged 15% to $1.42 USD on OTCQX, erasing $30M USD from $200M cap. Volume spiked 500% (OTC Markets).

BTC rose 1% to $72,970 USD; ETH +2.2% to $2,244 USD. Crypto Fear & Greed Index fell to 15 (extreme fear), Alternative.me.

Fintech Vulnerabilities Exposed

ATMs rely on centralized servers and APIs, single failure points. 37,000 global units; North America 65% volume (Coin ATM Radar). Chainalysis 2025: 70% hacks target wallets/bridges.

Bitcoin Depot fined $1.5M USD by FinCEN (2024 AML). Bitstop added HSMs (2025), cut risks 60%. Bitcoin Depot lagged zero-trust (Recorded Future).

Lightning ATMs cut server dependence 80% via P2P, no hot wallets.

Recovery and Regulation

Bitcoin Depot allocates $5M USD, partners Elliptic for tracing. Lazarus recoveries average 20% (Chainalysis mixers).

Sen. Cynthia Lummis' Crypto Stability Act (April 10, 2026) mandates SOC 2, cold storage for fintechs. Targets ATMs after 150% hack surge since 2024.

ATM installs fell 10% Q1 2026; Coinbase Wallet grew 25% YoY. Bitcoin Depot must audit security.

Bitcoin Depot Cyberattack Steals $3.6M from Crypto ATMs

Bitcoin Depot Cyberattack Mechanics

Immediate Response

Stock and Market Fallout

Fintech Vulnerabilities Exposed

Recovery and Regulation

Long-Term Outlook

Recommended for You

Iran Crypto Toll: $1 Per Barrel for Hormuz Oil

South Korea Digital Asset Law Proposes Stablecoin Rules

White House Backs Stablecoin Interest Payments vs Banks

Fed Approves Kraken Fed Payment Access April 11 Amid Stability Fears

Bitcoin Depot Cyberattack Steals $3.6M from Crypto ATMs

Bitcoin Depot Cyberattack Mechanics

Immediate Response

Stock and Market Fallout

Fintech Vulnerabilities Exposed

Recovery and Regulation

Long-Term Outlook

Recommended for You

Iran Crypto Toll: $1 Per Barrel for Hormuz Oil

South Korea Digital Asset Law Proposes Stablecoin Rules

White House Backs Stablecoin Interest Payments vs Banks

Fed Approves Kraken Fed Payment Access April 11 Amid Stability Fears