Bitcoin Depot Discloses Data Breach Impacting Over 26,000 Customers
Bitcoin Depot, one of the largest crypto ATM operators in the United States, has confirmed a significant data breach affecting 26,732 customers, stemming from an external system intrusion that occurred on June 23, 2024.
The company officially disclosed the breach on July 8, 2025, in a notification to the attorneys general of Maine and Massachusetts, explaining that the delay in disclosure was due to instructions from federal law enforcement amid an active investigation into the third-party perpetrators.
“At the direction of federal law enforcement, we were asked to delay notification due to an active investigation,” a Bitcoin Depot spokesperson told Cointelegraph, adding that they were only cleared to notify customers as of June 13, 2025.
What Was Exposed?
According to Bitcoin Depot’s notice, the breach compromised sensitive personal information, including:
-
Full names
-
Phone numbers
-
Driver’s license numbers
-
Potentially home addresses
-
Birthdates
-
Email addresses
Despite the severity of the breach, no evidence has emerged indicating that the stolen data has been misused.
“We remain committed to protecting customer data and privacy,” the company said, advising affected users to monitor their credit reports, consider fraud alerts, and potentially initiate security freezes with credit agencies.
How the Breach Unfolded
The incident traces back to unusual activity detected on Bitcoin Depot’s network in June 2024. The company promptly engaged a leading cybersecurity firm, which completed its investigation by July 18, 2024. It confirmed that a third party had gained unauthorized access to customer files.
Bitcoin Depot has since taken action to strengthen its internal defenses, including:
-
Enhancing security infrastructure
-
Increasing employee awareness of data protection practices
-
Expanding real-time monitoring capabilities
The firm is also cooperating with law enforcement in the ongoing investigation.
Crypto Industry Still a Major Target for Hackers
This incident is part of a wider trend of cyberattacks targeting crypto and fintech firms:
-
In May 2025, Coinbase confirmed a breach involving bribed third-party contractors and rejected a $20 million ransom after customer data was leaked.
-
Byte Federal, another crypto ATM provider, revealed in December that a breach had compromised the data of up to 58,000 users.
Moreover, cybersecurity researchers reported in June that over 16 billion login credentials across various platforms had been compromised in 2025 alone.
What Affected Users Should Do
Bitcoin Depot is encouraging customers to:
-
Remain vigilant for signs of identity theft or unauthorized account activity
-
Set up fraud alerts with credit bureaus
-
Consider placing a security freeze on their credit profiles
While no user funds have been reported lost, the breach highlights ongoing vulnerabilities in crypto infrastructure, particularly around user identity and privacy protections. The industry continues to grapple with evolving cybersecurity challenges amid a broader push for regulatory compliance and consumer trust.
