Hackers Hit Bitcoin Depot, Steal $3.6 Million

19 replies 361 views
silentchainHero Member
Posts: 473 · Reputation: 2317
#1Nov 16, 2020, 08:10 AM
So, Bitcoin Depot just reported a major breach to the SEC. Apparently, their system got compromised on March 23, and they took their sweet time to deal with it, allowing hackers to steal about 50.903 Bitcoin, which is roughly $3.665 million at the time of this news. And this ain’t their first rodeo. Back in 2024, they had another incident where some personal info of nearly 27,000 customers got exposed. Seems like these third-party services really need to step up their game when it comes to protecting against cyber attacks.
5 Reply Quote Share
fox_byteHero Member
Posts: 478 · Reputation: 2370
#2Nov 16, 2020, 01:49 PM
This amount is more than half of their income in 2025, so this year will be disastrous in terms of profits. How can a company like this leave 50.9 Bitcoin in hot wallets where unauthorized access leads to all these losses (or at least not a multi-signature wallet)?
4 Reply Quote Share
im_bullSenior Member
Posts: 224 · Reputation: 1421
#3Nov 18, 2020, 01:11 AM
This is a big loss for the company. Bitcoin ATM operators are constantly targeted by hackers because they have to hold funds to process transactions. Sadly, the company's insurance package will not cover the entire loss. Having different layers of security is essential and makes hacking difficult. Companies should always be ahead of scammers to avoid such losses.
2 Reply Quote Share
eric_diamondFull Member
Posts: 99 · Reputation: 687
#4Nov 18, 2020, 05:32 AM
Right, it's part and parcel of being a Bitcoin ATM operator, but still though they have the burden to hardened their security. They might have stop the hacks, but the hackers was able to get away with millions easy. I don't think that any services here might be ahead of the scammers, this kind of people are sophisticated enough to know the loophole and exploit before any of them knows what happened. Even if they react on time, gonna be too late. But then again, as I have said, they should really put everything in place to monitor any suspicious activity real time.
4 Reply Quote Share
colddiamondHero Member
Posts: 623 · Reputation: 2467
#5Nov 18, 2020, 06:41 AM
Well it sucks to be me again But on a separate note how can a place that is charging a 9%+ vig on BTC in and out have such a low profit. Did not read the report or anything else but was insurance mentioned anywhere? Taking a big hit like that hurts a lot, having at least some of the loss insured hurts a lot less. -Dave
2 Reply Quote Share
ryanwizardSenior Member
Posts: 334 · Reputation: 1694
#6Nov 18, 2020, 09:41 AM
There's no security measure the can take that can prevent these hackers from bypassing their system and protocols to take what is not theirs, only that the most painful aspect of this are the users involved that will be Affected because all their assets will be gone for life, this is also why we should understand the risk in using a custodial storage for our assets, anything that gives the third party authority over our coins is not at the best of our interest.
3 Reply Quote Share
the_matrixSenior Member
Posts: 313 · Reputation: 1887
#7Nov 19, 2020, 09:45 AM
Companies that hold a large amount of BTC are always the target of hackers, it is up to the institution to be ready for such attacks and try to prevent it. Bitcoin depot is one of the largest BTC atm networks, so maybe that can explain why they had such a huge amount of BTC in a hot wallet. But even if you are going to store such a large amount this way, there should be some extra layer of security to prevent something like this from happening. It is almost the same situation with centralized exchanges. They control a huge amount of money, yet, they keep falling victim to hackers and losing customer funds.
2 Reply Quote Share
jake.chainSenior Member
Posts: 280 · Reputation: 1307
#8Nov 19, 2020, 09:54 PM
Clearly, they weren’t using their money for the right reasons. They should have invested more in cybersecurity knowing they hold this much bitcoin. This should teach them a lesson and goodluck if they can still recover after this
3 Reply Quote Share
ColdViperSenior Member
Posts: 128 · Reputation: 842
#9Nov 20, 2020, 02:38 PM
All these incidents have happened many times in the past and are still happening today. Therefore, exchange commissions should be more aware and vigilant! Such incidents remind us that crypto security is not limited to the blockchain, but also has its importance in the weakest link in the system—company documents!
2 Reply Quote Share
Posts: 26 · Reputation: 174
#10Nov 21, 2020, 02:54 PM
Clearly, the security measures they have in place still can’t keep up with the ingenuity of hackers. since this doesn’t seem to be the first time this has happened, it’s evident that they still have vulnerabilities they need to address. But in this case, I think hackers are always one step ahead. and clearly, this will only lead to a loss of trust in companies that have been successfully hacked. But I’m still amazed that, despite holding such a massive amount of Bitcoin, they still haven’t realized there’s a vulnerability that hackers could exploit.
4 Reply Quote Share
w0lf404Hero Member
Posts: 801 · Reputation: 2381
#11Nov 22, 2020, 06:25 PM
The attack vector is still under investigation. This attack extends to the backend. I assume if the hackers also gain access to the wallet signer's credentials, even if they implement a multisig wallet, it's nearly useless. This is why CEX hotwallets (most of which implement multisig) can still be hacked without high computing power.
4 Reply Quote Share
lynx21Member
Posts: 25 · Reputation: 248
#12Nov 22, 2020, 11:58 PM
The question does not end there because I also want to mention something else, which is how such a big organization could have a system that becomes so easily vulnerable and ends up losing that amount of bitcoin. There are many other things that can be said about this but for now, this is what I want to point out. If the matter turns out to be true, then it is really unfortunate but to me, the whole situation still feels a bit suspicious.
1 Reply Quote Share
p1x3l365Senior Member
Posts: 511 · Reputation: 1890
#13Nov 23, 2020, 02:34 AM
Some firms and individuals bitcoineers actually think it's a sort of empty threats when they're told about the risks of storing their funds in the exchange, especially when it's being hold in there for a long term without even undermining the vulnerability as a hot wallet where the wallets private keys are stored online which can be a target for hackers which also the wallet data's via kyc's  is a weakness for the hot wallets securities. I'm also skeptical if the affected wallet was a signed with multi signature which of course should had straightened its security against unauthorized access to move funds off from the wallet.
6 Reply Quote Share
alt_cobraMember
Posts: 38 · Reputation: 202
#14Nov 23, 2020, 08:52 AM
you can never be ahead of hackers, it's a cat and mouse game. what they should have done, is have some safeguards in place so if they get hacked, the hackers don't just walk away with half of their funds, which they failed at. isn't the 9%+ vig why they have such low profits? i would think anyone wanting to get some bitcoin, and who doesn't mind KYC, etc... would just use a CEX or go P2P instead of paying those insane ATM rates?
3 Reply Quote Share
cryptolordFull Member
Posts: 88 · Reputation: 316
#15Nov 23, 2020, 12:42 PM
When it comes to cybersecurity, no company can truly guarantee that their services are completely secure. Even when they improve their security, there's still the potential for breaches because attackers are constantly improving their ability to outsmart them. But for a company of that size, they should have precautions in place to minimize this risk. It's ridiculous how easily hackers exploited their systems to transfer Bitcoin out of their wallets. This indicates they aren't serious about securing their assets.
4 Reply Quote Share
real_ledgerFull Member
Posts: 108 · Reputation: 703
#16Nov 23, 2020, 06:44 PM
This is a huge loss for them since the case is still fresh. Let's hope the investigation can get them something and some of the stolen funds recovered even if not all, but one thing that baffles me is the company suffered a similar incident in 2024 and did not learn from it and patch all possible loopholes at least to prevent such large loss. Safeguard, you mean set the system in such a way that when there is a large withdrawal detected happening all at once, it gets all locked out, or what?
6 Reply Quote Share
real_pixelSenior Member
Posts: 206 · Reputation: 1105
#17Nov 23, 2020, 07:36 PM
I guess companies like this needs to enter into an agreement with an insurance company for any breach that might happen to them. And also, they need to be more secured and aware that hackers are not playing around if they know that a company holds a lot of bitcoins. None can guarantee but at least by getting a more secured one on expensive fee gives them the insurance that they'll be protected. And in case of a breach, they can demand something from that security agency why it has happened if they boast of how strong their security is.
0 Reply Quote Share
proto_pixelFull Member
Posts: 57 · Reputation: 377
#18Nov 23, 2020, 11:22 PM
Is it really that easy to hack without thinking about how to properly secure it with a multi-signature wallet? so security gaps like this are exploited by scammers to hack more Bitcoins with the same method. The hot wallet generated by Bitcoin Depot is a loophole where hackers can get in and sophisticated phishing attacks or software exploits can provide initial access and then once they have successfully entered the company's network the attacker can move laterally to find cryptographic keys and this kind of pattern is called a supply chain compromise attack. A more prepared and updated security infrastructure is really needed for public services like this Bitcoin depot. There must be an official security audit that regulates how the security level of crypto services is up to date and not easy to manipulate.
4 Reply Quote Share
shard_minerSenior Member
Posts: 359 · Reputation: 1322
#19Nov 24, 2020, 03:35 AM
You are right about 3rd party services increasing their vigilance because it is obvious that they are still struggling to contain and implement important security protocols, mostly when it comes to the data of their user base. This also points to one common saying here and anywhere that 'not your keys, not your coins', because it is the bedrock of a solid security set up when dealing with crypto currencies investment. One good thing though is that at least customers information remained intact but wallets were emptied and it's a good news.  It's imperative to note also in this regard that, self custody is the best way to stay safe as compared to one's funds sitting in a provider's settlement later.
2 Reply Quote Share
block_hashFull Member
Posts: 108 · Reputation: 698
#20Nov 24, 2020, 05:27 AM
That is because hackers are always finding ways how to penetrate the system and find its vulnerabilities. With the continuous development and creation of new softwares, comes with better hacking tools. Hence, companies and sites should always update their security features to combat potential threats as they are holding significant funds. For third party platforms holding funds from their clients, they should always - > make sure they have security features and layers of protection > updated softwares to combat new hacking tools > always check the status of their security vs the current and upcoming security protocols > run bug bounty programs because they may not being some loopholes in their system > investigate their own people, several hacking incidents were inside jobs
6 Reply Quote Share

Related topics