Bitcoin Depot (NASDAQ: BTM) details $3.665M Bitcoin cyber theft loss

Rhea-AI Filing Summary

Bitcoin Depot Inc. reported a cybersecurity incident in which an unauthorized actor accessed certain corporate information technology systems and obtained credentials for its digital asset settlement accounts. Using these, the actor transferred approximately 50.903 Bitcoin, valued at about $3.665 million as of the incident date, from company-controlled wallets without authorization.

The company believes the incident was contained to its corporate environment and did not affect customer platforms, divisions, systems, data or environments, and it has found no evidence so far that customer personally identifiable information was accessed. Bitcoin Depot has recorded a preliminary estimated loss of $3.665 million and is working with external cybersecurity experts and law enforcement while reinforcing its systems.

The company determined the incident is material due to potential consequences such as reputational harm and legal, regulatory and response costs, but currently believes it is not reasonably likely to have a material impact on its overall financial condition or results of operations. Insurance coverage may offset some losses, though recovery is not assured.

Insights

Cybersecurity and risk analyst

Bitcoin Depot reports a contained but material cyber theft of digital assets.

Bitcoin Depot discloses that an unauthorized actor accessed corporate systems, obtained credentials for digital asset settlement accounts, and transferred 50.903 Bitcoin, valued at about $3.665 million, from company-controlled wallets. The company has recorded a preliminary loss equal to this fair value.

Management states the incident is material due to potential reputational, legal, regulatory and response costs, yet currently believes it is not reasonably likely to materially affect overall financial condition or results. The impact therefore appears more operational and reputational than balance-sheet driven based on current information.

The company reports no evidence that customer platforms or personally identifiable information were affected and notes that insurance may cover some of the loss, though sufficiency is uncertain. Ongoing investigation and any future updates under Item 1.05 will clarify the ultimate financial and operational impact.

8-K Event Classification

2 items: 1.05, 9.01

2 items

Item 1.05 Material Cybersecurity Incidents Business

A cybersecurity incident that the company has determined to be material to investors.

Item 9.01 Financial Statements and Exhibits Exhibits

Financial statements, pro forma financial information, and exhibit attachments filed with this report.

Key Figures

Bitcoin transferred: 50.903 Bitcoin Preliminary loss estimate: $3.665 million Warrant exercise price: $80.50 per share

3 metrics

Bitcoin transferred 50.903 Bitcoin Digital assets moved without authorization from company-controlled wallets

Preliminary loss estimate $3.665 million Fair value of 50.903 Bitcoin as of incident date

Warrant exercise price $80.50 per share Exercise price for each whole warrant of Class A Common Stock

Key Terms

digital asset settlement accounts, personally identifiable information, forward-looking statements, emerging growth company

4 terms

digital asset settlement accounts financial

"obtained control of credentials associated with the Company’s digital asset settlement accounts"

personally identifiable information regulatory

"has not identified evidence that customer personally identifiable information was accessed or exfiltrated"

Personally identifiable information (PII) is any data that can directly or indirectly identify a single person — for example: full name, home address, national ID numbers, phone or email, financial account details, or unique biometric data. Investors care because mishandling or loss of PII can trigger regulatory fines, costly cleanup and lost customer trust; think of a data breach like losing the keys to many customers’ homes, which can hurt a company’s finances and stock value.

forward-looking statements regulatory

"includes “forward-looking statements” within the meaning of Section 27A of the Securities Act"

Forward-looking statements are predictions or plans that companies share about what they expect to happen in the future, like estimating sales or profits. They matter because they help investors understand a company's outlook, but since they are based on guesses and assumptions, they can sometimes be wrong.

emerging growth company regulatory

"Emerging growth company  (the “Company”) discovered that an unauthorized party"

An emerging growth company is a recently public or smaller public firm that qualifies for temporary, lighter regulatory and disclosure rules to reduce the cost and effort of being public. For investors, it means the company may provide less historical financial detail and face fewer reporting requirements than larger firms, so it can grow more quickly but also carries higher uncertainty—like buying a promising early-stage product with fewer user reviews.

Understanding 8-K Material Events →

0001901799false0001901799us-gaap:WarrantMember2026-04-062026-04-060001901799us-gaap:CommonClassAMember2026-04-062026-04-0600019017992026-04-062026-04-06

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d)

of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): April 6, 2026

Bitcoin Depot Inc.

(Exact name of registrant as specified in its charter)

Delaware		001-41305		87-3219029
(State or other jurisdiction of incorporation or organization)		(Commission File Number)		(I.R.S. Employer Identification No.)

8601 Dunwoody Place

Sandy Springs, GA 30350

(Address of principal executive offices)

(678) 435-9604

Registrant’s telephone number, including area code

Not Applicable

(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligations of the registrant under any of the following provisions:

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CRF 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CRF 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CRF 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13c-4(c) under the Exchange Act (17 CRF 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class		Trading Symbol(s)		Name of each exchange on which registered
Class A Common Stock, par value $0.0001 per share		BTM		The Nasdaq Stock Market LLC
Warrants, each whole warrant exercisable for one share of Class A Common Stock at an exercise price of $80.50 per share		BTMWW		The Nasdaq Stock Market LLC

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 or Rule 12b-2 of the Securities Exchange Act of 1934.

Emerging growth company ☒

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act ☐

Item 1.05 Material Cybersecurity Incident.

On March 23, 2026, Bitcoin Depot Inc. (the “Company”) discovered that an unauthorized party gained access to certain of its information technology systems. Upon detection, the Company promptly activated its incident response protocols, engaged external cybersecurity experts, and notified law enforcement. Based on the Company’s investigation to date, the unauthorized actor gained access to certain systems and obtained control of credentials associated with the Company’s digital asset settlement accounts. As a result, the unauthorized actor transferred approximately 50.903 Bitcoin from Company-controlled wallets, valued at approximately $3.665 million as of the date of this report, without authorization. The Company further believes that the incident was contained to the Company’s corporate environment and did not affect the Company’s customer platforms, divisions, systems, data or environments.

The Company continues to investigate the nature and scope of the incident with the assistance of third-party specialists. As part of its remediation efforts, the Company is working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access. The Company has not identified evidence that customer personally identifiable information was accessed or exfiltrated in connection with the incident; however, the investigation remains ongoing.

As of the date of this Current Report on Form 8-K, the incident has not had a material impact on the Company’s operations. On April 6, 2026, the Company nevertheless determined that the incident is material in light of potential consequences of the incident, including reputations harm, legal, regulatory and response costs. The Company believes that the incident is not reasonably likely to have a material impact on the Company’s financial condition or results of operations but has not yet determined the full impact of the incident. The Company has recorded a preliminary estimate of loss of approximately $3.665 million, representing the fair value of the Bitcoin transferred without authorization as of the date of the incident. The ultimate impact may differ from this estimate as the investigation continues. The Company maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, but there can be no assurance that such coverage will be sufficient to recover any or all losses incurred as a result of this incident.

As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet completely known. To the extent any information required by Item 1.05(a) of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available.

Cautionary Note Regarding Forward-Looking Statements

This Current Report on Form 8-K includes “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Exchange Act. Forward-looking statements are any statements other than statements of historical fact, and include, but are not limited to, statements regarding the expectations of plans, business strategies, objectives and growth and anticipated financial and operational performance, including our growth strategy and ability to increase deployment of our products and services, the anticipated effects of the Agreement. These forward-looking statements are based on management’s current beliefs, based on currently available information, as to the outcome and timing of future events. Forward-looking statements are often identified by words such as "anticipate," "appears," "approximately," "believe," "continue," "could," "designed," "effect," "estimate," "evaluate," "expect," "forecast," "goal," "initiative," "intend," "may," "objective," "outlook," "plan," "potential," "priorities," "project," "pursue," "seek," "should," "target," "when," "will," "would," or the negative of any of those words or similar expressions that predict or indicate future events or trends or that are not statements of historical matters, although not all forward-looking statements contain such identifying words. In making these statements, we rely upon assumptions and analysis based on our experience and perception of historical trends, current conditions, and expected future developments, as well as other factors we consider appropriate under the circumstances. We believe these judgments are reasonable, but these statements are not guarantees of any future events or financial results. These forward-looking statements are provided for illustrative purposes only and are not intended to serve as, and must not be relied on by any investor as, a guarantee, an assurance, a prediction or a definitive statement of fact or probability. Actual events and circumstances are difficult or impossible to predict and will differ from assumptions. Many actual events and circumstances are beyond our control.

These forward-looking statements are subject to a number of risks and uncertainties, including changes in domestic and foreign business, market, financial, political and legal conditions; failure to realize the anticipated benefits of the business combination; future global, regional or local economic and market conditions; the development, effects and enforcement of laws and regulations; our ability to manage future growth; our ability to develop new products and services, bring them to market in a timely manner and make enhancements to our platform; the effects of competition on our future business; our ability to issue equity or equity-linked securities; the outcome of any potential litigation, government and regulatory proceedings, investigations and inquiries; and those factors described or referenced in filings with the Securities and Exchange Commission. If any of these risks materialize or our assumptions prove incorrect, actual results could differ materially from the results implied by these forward-looking statements. There may be additional risks that we do not presently know or that we currently believe are immaterial that could also cause actual results to differ from those contained in the forward-looking statements. In addition, forward-looking statements reflect our expectations, plans or

forecasts of future events and views as of the date of this press release. We anticipate that subsequent events and developments will cause our assessments to change.

We caution readers not to place undue reliance on forward-looking statements. Forward-looking statements speak only as of the date they are made, and we undertake no obligation to update publicly or otherwise revise any forward-looking statements, whether as a result of new information, future events, or other factors that affect the subject of these statements, except where we are expressly required to do so by law. All written and oral forward-looking statements attributable to us are expressly qualified in their entirety by this cautionary statement.

Item 9.01 Financial Statements and Exhibits.

(d) Exhibits

Exhibit Number		Description
104		Cover Page Interactive Data File (embedded within the Inline XBRL document)

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

				Bitcoin Depot Inc.
Dated: April 8, 2026				By:		/s/ Christopher Ryan
				Name:		Christopher Ryan
				Title:		General Counsel and Corporate Secretary

FAQ

What happened in Bitcoin Depot (BTM)'s reported cybersecurity incident?

Bitcoin Depot experienced a cybersecurity incident where an unauthorized actor accessed certain corporate systems and transferred 50.903 Bitcoin, worth about $3.665 million, from company-controlled wallets.

The company activated incident response protocols, engaged external cybersecurity experts, notified law enforcement, and is continuing to investigate and remediate its information technology environment.

How much did Bitcoin Depot (BTM) lose in the cyber theft?

The unauthorized actor transferred 50.903 Bitcoin from Bitcoin Depot’s company-controlled wallets, valued at approximately $3.665 million as of the date of the incident.

The company has recorded a preliminary estimated loss of about $3.665 million, noting that the ultimate impact may differ as the investigation continues and asset values change.

Did the Bitcoin Depot (BTM) cyber incident affect customer data or platforms?

Bitcoin Depot believes the incident was contained to its corporate environment and did not affect customer platforms, divisions, systems, data or environments.

The company states it has not identified evidence that customer personally identifiable information was accessed or exfiltrated, although the investigation of the incident remains ongoing with third-party specialists.

Does Bitcoin Depot (BTM) expect a material financial impact from the cyber attack?

Bitcoin Depot currently believes the incident is not reasonably likely to have a material impact on its financial condition or results of operations.

However, it determined the incident to be material overall due to potential reputational harm and legal, regulatory and response costs, and the final financial impact may change as the investigation proceeds.

What insurance coverage does Bitcoin Depot (BTM) have for this cybersecurity loss?

Bitcoin Depot maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, including this event.

The company cautions there can be no assurance that such coverage will be sufficient to recover any or all losses incurred, so net financial impact will depend on policy terms and claim outcomes.

How is Bitcoin Depot (BTM) responding to the cybersecurity breach operationally?

Upon detecting the incident, Bitcoin Depot activated incident response protocols, engaged external cybersecurity experts, and notified law enforcement agencies.

As part of remediation, the company is working with outside specialists to further reinforce its information technology systems and implement measures designed to prevent future unauthorized access to its digital asset-related infrastructure.

Filing Exhibits & Attachments

1 document

Other Documents

• EX-101 XBRL TAXONOMY EXTENSION SCHEMA WITH EMBEDDED LINKBASES DOCUMENT 48.6 KB