Bitcoin Depot Inc. reportedly failed to identify a knowledge breach that resulted within the lack of over 50 bitcoins (BTC) price $3.7 million for 3 days.
The BTC ATM operator disclosed the lack of 50.9 BTC in an SEC submitting earlier this week, stating that the attacker gained entry to its IT methods and its digital asset settlement accounts on March 23.
This, it says, allowed them to maneuver the BTC from company-controlled wallets.
Nevertheless, in keeping with subsequent analysis from onchain sleuth ZachXBT, the breach really occurred three days earlier on March 20.
“On April 6, 2026 Bitcoin Depot disclosed in an SEC 8K filing it uncovered an incident on March 23, 2026 which resulted in 50.9 BTC ($3.6M) stolen,” wrote Zach on Telegram.
“Nevertheless the report didn’t embody theft addresses so I manually traced out the incident onchain and located 19 excessive confidence theft addresses from March 20.
“This means it took three days for Bitcoin Depot to notice the funds were missing from its business.”
Based mostly on the 8K submitting it appears it took 3 days for the BitcoinDepot workforce to note the $3.6M was stolen.
I traced it out and the suspicious outflows really occurred on March 20 and the funds had been transferred to Kucoin deposit addresses.
Theft addresses:… pic.twitter.com/953JNTnFsy
— ZachXBT (@zachxbt) April 9, 2026
Zach continued, “A delta of three.55 BTC (54.45 BTC complete) vs 50.9 BTC reported was discovered indicating different worker private accounts might have additionally been impacted.
“54 BTC ($3.7M) flowed to KuCoin, a crypto change more and more utilized by illicit actors.
“At the time of my post the theft addresses still have not been reported in any compliance tools I use.”
In response to the SEC submitting, Bitcoin Depot is constant to research the character and scope of the incident with the help of unnamed “third-party specialists.”
It additionally says it’s “working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access.”
It additionally reassures customers that no buyer personally identifiable data was accessed, however does add that the “investigation remains ongoing.”
