Bitcoin Depot Discloses Data Leak Impacting 27K Customers
Bitcoin Depot alerted users that a breach dating to June 2024 exposed names, phone numbers, and driver’s license data for 26,732 customers.
In a notice filed with the Maine and Massachusetts attorneys general, Bitcoin Depot revealed that nearly 27,000 customers’ personal information was compromised by an external intrusion, although there is no indication the data has been exploited.
Bitcoin Depot, the operator of over 8,800 crypto ATMs across North America and Australia, experienced a breach that exposed customer KYC data, including full names, phone numbers and driver’s license data. The incident occurred on June 23, 2024, but the company only completed its internal investigation by July 18, 2024.
Federal Investigation Delays Notification
The company was instructed by federal law enforcement to withhold notifications until their inquiry closed on June 13, 2025. After detecting suspicious activity, Bitcoin Depot engaged third-party forensic experts and implemented enhanced security measures but refrained from public notification until law enforcement approval.
“Bitcoin Depot is cooperating fully with law enforcement in relation to this incident. We take the security of all information in our systems very seriously, and we want to assure you that we’ve already taken steps to prevent a reoccurrence by enhancing security measures and security monitoring and increasing company awareness of data security protection,”
Bitcoin Depot spokesperson said.
The breach stemmed from unauthorized access to an external system, likely targeting KYC data that ATM operators collect to comply with FinCEN regulations.
Scope of Compromised Data
Some affected records also included customer addresses, dates of birth and email addresses, though Social Security numbers were not compromised. Bitcoin Depot did not offer identity protection services, advising users instead to monitor credit reports, set up fraud alerts and security freezes.
The company’s native token and other operations were unaffected, and Bitcoin Depot emphasized its commitment to data privacy and system hardening following the incident.
Crypto ATM firms routinely collect sensitive customer data under AML/KYC rules, making them prime targets for hackers. Byte Federal disclosed a similar breach affecting 58,000 users in December 2024, highlighting recurring security challenges for ATM operators in the sector.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
