Bitcoin Depot Admits Data Breach of 27,000 Users
Bitcoin Depot, a major U.S.-based crypto ATM operator, has disclosed a massive data breach that compromised the personal details of almost 27,000 customers—more than a year after the incident.
As reported in official filings with attorneys general in Maine and Massachusetts, an already-known breach happened on June 23, 2024, via a vulnerability in an external third party. The breached data may involve names, mobile numbers, driver’s license numbers, residential addresses, birth dates, and email IDs—the type of sensitive data generally collected through KYC (Know Your Customer).
Delay Due to Federal Investigation
The company said it was told by federal law enforcement not to notify the public while the investigation was ongoing. The investigation was officially wrapped up on June 13, 2025. After that, Bitcoin Depot got the green light to notify the impacted.
A spokesperson for the company said that they had been instructed not to disclose as it would hamper the investigation. Despite no evidence of misuse having emerged as of yet, the long delay has raised the alarm from customers and security experts.
Potential Risks for Users
Although the company behind the Bitcoin ATM services claims there’s no sign of misuse, experts have warned that the exposure of that kind of information can easily be used for identity theft, phishing attacks, and financial fraud.
Customers have been advised to remain vigilant by:
- Monitoring credit reports and financial accounts
- Watching for suspicious emails or calls
- Enabling two-factor authentication
- Freezing credit reports if necessary
Industry Reactions and Security Upgrades
The cryptocurrency sector is becoming increasingly worried about its vulnerability to data breaches. Byte Federal has been hacked too, spilling the data of over 58,000 users. Other crypto ATM providers have also been victims of such attacks.
According to Bitcoin Depot, it is in close contact with investigators. It has upgraded its security protocols for tighter safeguards in the future. However, the long delay has invited criticism, with users now questioning the transparency and responsiveness of crypto firms regarding handling sensitive customer data.
Final Thoughts
As cryptocurrency adoption expands, so do the threats. The breach of Bitcoin Depot reminds everyone that strong cybersecurity and timely communications are not options but rather necessities. To survive in this digital age, crypto companies need to build user trust, ensure data privacy, and take accountability.
