Bitcoin Depot Reveals 2024 Data Breach to Users
The breach took place in June of 2024, but was only recently made public due to an ongoing federal investigation. It compromised sensitive customer data including names, driver’s license numbers, and contact information. This incident now adds to a growing list of major hacks in 2025, including the recent $40 million GMX V1 exploit and the $1.4 billion Bybit hack earlier this year. Meanwhile, regulators are cracking down on crypto ATMs globally. In fact, New Zealand became the latest country to ban them entirely to combat money laundering. The city of Spokane in Washington State also enacted a full ban on crypto ATMs due to their use in defrauding vulnerable populations.
Crypto ATM Giant Discloses 2024 Breach
Bitcoin Depot, one of the largest crypto ATM operators in the United States, confirmed a data breach that compromised the personal information of almost 27,000 customers. The incident took place on June 23, 2024, but was only disclosed this week after the company received clearance from law enforcement.
According to a notice that was filed with the attorneys general in Maine and Massachusetts, the breach affected 26,732 people and involved sensitive data, including names, phone numbers, driver's license numbers, and potentially addresses, birth dates, and email addresses.
Part of the notice that was sent out to affected customers
A Bitcoin Depot spokesperson shared that the notification delay was due to instructions from federal law enforcement, which were conducting an investigation into the breach. The company was only advised on June 13, 2025, that the investigation concluded and that it could begin notifying those affected.
The breach was first detected in June of 2024, when the company noticed some unusual activity on its network. Bitcoin Depot immediately launched an investigation with a top cybersecurity firm, which confirmed on July 18, 2024, that an unauthorized party accessed files containing customer information. While the company claims there is no evidence that the stolen information was misused, it is urging customers to monitor their credit reports and consider placing fraud alerts or security freezes with major credit agencies.
Bitcoin Depot says it has since taken steps to improve its cybersecurity infrastructure, including enhanced monitoring, increased internal awareness around data protection, and cooperation with law enforcement. This incident happened amid a series of high-profile data breaches in the crypto sector, including a December 2024 attack on Byte Federal that affected up to 58,000 users and a May 2025 breach at Coinbase, where hackers bribed third-party contractors and later demanded a $20 million ransom.
Recent reports also indicate that more than 16 billion login credentials have been exposed this year alone, thanks to hackers targeting digital platforms with valuable user data.
GMX V1 Hit by $40M Exploit
Bitcoin Depot is certainly not alone in its struggles against crypto criminals. The GMX protocol halted trading on its GMX V1 platform after a major exploit that resulted in the theft of $40 million in digital assets.
The breach affected a liquidity pool on the Arbitrum network that underpins the GMX V1 exchange. This pool included assets like Bitcoin, Ethereum, and stablecoins. The stolen funds were then transferred to an unknown wallet. In response, the GMX team suspended minting and redemption of GLP tokens on both the Arbitrum and Avalanche networks as a precautionary measure. Users were advised to disable leverage trading and adjust their settings to stop minting GLP tokens.
According to the GMX team, the exploit was isolated to GMX V1 and does not impact GMX V2, its associated markets, or the GMX token itself. Blockchain security firm SlowMist attributed the incident to a design flaw in the GLP token's pricing mechanism, which allowed attackers to manipulate the total assets under management and execute the exploit.
This latest attack now only adds to the growing list of cybersecurity breaches in the crypto. Space, which already led to billions in losses. In the first half of 2025 alone, crypto hacks caused an estimated $2.5 billion in damages. A big portion of that, approximately $1.4 billion, stemmed from the Bybit hack in February.
In another recent incident, Iranian crypto exchange Nobitex suffered over $81 million in losses due to a cyberattack by a group known as Gonjeshke Darande, forcing a temporary pause in services.
To complicate things even more for the security landscape, the United States Treasury’s Office of Foreign Assets Control announced sanctions on North Korean hacker Song Kum Hyok. The hacker is tied to state-affiliated cyber operations, and is accused of infiltrating cryptocurrency firms and defense contractors using social engineering and advanced breach tactics.
New Zealand Bans Crypto ATMs Nationwide
While exploits are causing problems for the crypto industry, crypto ATM’s are also starting to frustrate regulators. New Zealand even recently introduced a nationwide ban on cryptocurrency ATMs and imposed a $5,000 limit on international cash transfers as part of sweeping reforms that are specifically aimed at combating money laundering and organized financial crime.
The measures were announced by Associate Justice Minister Nicole McKee, who explained that the government is very committed to targeting criminal activity while minimizing regulatory burdens for legitimate businesses. McKee stated that banning crypto ATMs will make it much harder for criminals to convert cash into high-risk digital assets, which are often used to conceal illicit transactions.
Crypto ATMs
The crackdown is part of the broader overhaul of New Zealand’s Anti-Money Laundering and Countering the Financing of Terrorism regime. The reform package also grants the Financial Intelligence Unit expanded authority to request ongoing information from financial institutions about individuals flagged for suspicious activity. Two new legislative bills supporting these reforms are currently in parliament and are expected to pass by the end of the year. The goals of these laws are to reduce compliance complexity for honest businesses while also maintaining robust financial oversight.
The government’s approach is informed by an April report from New Zealand’s Ministerial Advisory Group on Transnational, Serious and Organised Crime, which shed some light on the increasing use of crypto ATMs to launder money, particularly for drug trafficking and fraud. According to Coin ATM Radar, over 220 crypto kiosks are currently operating across the country, but all will be removed under the new rules.
Bitcoin ATMs in New Zealand (Source: Coin ATM Radar)
New Zealand’s move is similar to the global trend of tightening controls around crypto ATMs. In Australia, the financial intelligence agency AUSTRAC recently introduced new restrictions on crypto ATM operations, including caps on cash deposits and stricter compliance requirements. Similarly, the city of Spokane in Washington State enacted a full ban on crypto ATMs, due to their use in defrauding vulnerable populations, particularly in low-income communities.
Bitcoin Depot Reveals 2024 Data Breach to Users
The breach took place in June of 2024, but was only recently made public due to an ongoing federal investigation. It compromised sensitive customer data including names, driver’s license numbers, and contact information. This incident now adds to a growing list of major hacks in 2025, including the recent $40 million GMX V1 exploit and the $1.4 billion Bybit hack earlier this year. Meanwhile, regulators are cracking down on crypto ATMs globally. In fact, New Zealand became the latest country to ban them entirely to combat money laundering. The city of Spokane in Washington State also enacted a full ban on crypto ATMs due to their use in defrauding vulnerable populations.
Crypto ATM Giant Discloses 2024 Breach
Bitcoin Depot, one of the largest crypto ATM operators in the United States, confirmed a data breach that compromised the personal information of almost 27,000 customers. The incident took place on June 23, 2024, but was only disclosed this week after the company received clearance from law enforcement.
According to a notice that was filed with the attorneys general in Maine and Massachusetts, the breach affected 26,732 people and involved sensitive data, including names, phone numbers, driver's license numbers, and potentially addresses, birth dates, and email addresses.
Part of the notice that was sent out to affected customers
A Bitcoin Depot spokesperson shared that the notification delay was due to instructions from federal law enforcement, which were conducting an investigation into the breach. The company was only advised on June 13, 2025, that the investigation concluded and that it could begin notifying those affected.
The breach was first detected in June of 2024, when the company noticed some unusual activity on its network. Bitcoin Depot immediately launched an investigation with a top cybersecurity firm, which confirmed on July 18, 2024, that an unauthorized party accessed files containing customer information. While the company claims there is no evidence that the stolen information was misused, it is urging customers to monitor their credit reports and consider placing fraud alerts or security freezes with major credit agencies.
Bitcoin Depot says it has since taken steps to improve its cybersecurity infrastructure, including enhanced monitoring, increased internal awareness around data protection, and cooperation with law enforcement. This incident happened amid a series of high-profile data breaches in the crypto sector, including a December 2024 attack on Byte Federal that affected up to 58,000 users and a May 2025 breach at Coinbase, where hackers bribed third-party contractors and later demanded a $20 million ransom.
Recent reports also indicate that more than 16 billion login credentials have been exposed this year alone, thanks to hackers targeting digital platforms with valuable user data.
GMX V1 Hit by $40M Exploit
Bitcoin Depot is certainly not alone in its struggles against crypto criminals. The GMX protocol halted trading on its GMX V1 platform after a major exploit that resulted in the theft of $40 million in digital assets.
The breach affected a liquidity pool on the Arbitrum network that underpins the GMX V1 exchange. This pool included assets like Bitcoin, Ethereum, and stablecoins. The stolen funds were then transferred to an unknown wallet. In response, the GMX team suspended minting and redemption of GLP tokens on both the Arbitrum and Avalanche networks as a precautionary measure. Users were advised to disable leverage trading and adjust their settings to stop minting GLP tokens.
According to the GMX team, the exploit was isolated to GMX V1 and does not impact GMX V2, its associated markets, or the GMX token itself. Blockchain security firm SlowMist attributed the incident to a design flaw in the GLP token's pricing mechanism, which allowed attackers to manipulate the total assets under management and execute the exploit.
This latest attack now only adds to the growing list of cybersecurity breaches in the crypto. Space, which already led to billions in losses. In the first half of 2025 alone, crypto hacks caused an estimated $2.5 billion in damages. A big portion of that, approximately $1.4 billion, stemmed from the Bybit hack in February.
In another recent incident, Iranian crypto exchange Nobitex suffered over $81 million in losses due to a cyberattack by a group known as Gonjeshke Darande, forcing a temporary pause in services.
To complicate things even more for the security landscape, the United States Treasury’s Office of Foreign Assets Control announced sanctions on North Korean hacker Song Kum Hyok. The hacker is tied to state-affiliated cyber operations, and is accused of infiltrating cryptocurrency firms and defense contractors using social engineering and advanced breach tactics.
New Zealand Bans Crypto ATMs Nationwide
While exploits are causing problems for the crypto industry, crypto ATM’s are also starting to frustrate regulators. New Zealand even recently introduced a nationwide ban on cryptocurrency ATMs and imposed a $5,000 limit on international cash transfers as part of sweeping reforms that are specifically aimed at combating money laundering and organized financial crime.
The measures were announced by Associate Justice Minister Nicole McKee, who explained that the government is very committed to targeting criminal activity while minimizing regulatory burdens for legitimate businesses. McKee stated that banning crypto ATMs will make it much harder for criminals to convert cash into high-risk digital assets, which are often used to conceal illicit transactions.
Crypto ATMs
The crackdown is part of the broader overhaul of New Zealand’s Anti-Money Laundering and Countering the Financing of Terrorism regime. The reform package also grants the Financial Intelligence Unit expanded authority to request ongoing information from financial institutions about individuals flagged for suspicious activity. Two new legislative bills supporting these reforms are currently in parliament and are expected to pass by the end of the year. The goals of these laws are to reduce compliance complexity for honest businesses while also maintaining robust financial oversight.
The government’s approach is informed by an April report from New Zealand’s Ministerial Advisory Group on Transnational, Serious and Organised Crime, which shed some light on the increasing use of crypto ATMs to launder money, particularly for drug trafficking and fraud. According to Coin ATM Radar, over 220 crypto kiosks are currently operating across the country, but all will be removed under the new rules.
Bitcoin ATMs in New Zealand (Source: Coin ATM Radar)
New Zealand’s move is similar to the global trend of tightening controls around crypto ATMs. In Australia, the financial intelligence agency AUSTRAC recently introduced new restrictions on crypto ATM operations, including caps on cash deposits and stricter compliance requirements. Similarly, the city of Spokane in Washington State enacted a full ban on crypto ATMs, due to their use in defrauding vulnerable populations, particularly in low-income communities.