Largest North American bitcoin ATM operator, Bitcoin Depot, files for bankruptcy

May 18, 2026

Largest North American bitcoin ATM operator, Bitcoin Depot, files for bankruptcy

A yellow and black Bitcoin ATM with "Bitcoin sold here" printed on the side

A Bitcoin Depot kiosk (attribution)

Bitcoin Depot has filed for Chapter 11 bankruptcy. The company operates a fleet of kiosks at retail locations that allow customers to purchase bitcoin with cash. Bitcoin Depot announced in a press release that its 9,700 kiosks – primarily located at gas stations and convenience stores – had already been taken offline.

The company's bankruptcy filing reports between $10 million and $50 million in both assets and liabilities. In a recent financial disclosure, the company had reported a 49% year-over-year reduction in revenue and a net loss of $9.5 million for the year. The company had also suffered a $3.67 million hack in April.

Bitcoin Depot has blamed a challenging state-level regulatory environment for its bankruptcy, pointing to a series of regulatory restrictions and outright bans on crypto ATMs, which are a major conduit for crypto scams. An FBI report on Internet crime in 2024 showed 11,000 reports of fraud involving crypto ATMs – a 99% increase from the prior year. Almost $250 million was reported lost due to such scams, with a majority of it coming from victims over 60 years old. Several states have responded by introducing laws imposing strict compliance requirements or transaction limits on ATM operators, and Indiana and Tennessee have both recently banned the kiosks entirely. Additionally, the company is defending against lawsuits from both Massachusetts and Iowa, which argue that the company uses a misleading pricing structure, knowingly enables crypto scames, and maintains a predatory refund policy.

"Bitcoin Depot Initiates Voluntary Chapter 11 Process to Facilitate an Orderly Wind-Down and Sale of the Company’s Assets", Bitcoin Depot press release [archive]
Issue 92, Citation Needed [archive]
Issue 105, Citation Needed [archive]
Chapter 11 Voluntary Petition

May 17, 2026

Verus bridge hacked for $11.6 million

(attribution)

An attacker stole $11.6 million in various crypto assets from the Verus–Ethereum bridge, which allows users to use tokens from the Verus network on the Ethereum chain and vice versa. The attacker then swapped the tokens for ETH, limiting the ability for issuers of more centralized tokens to freeze the stolen assets.

Verus halted the entire Verus network after the exploit was detected in hopes of limiting further damage.

"Ongoing exploit drains $11.6 million from Verus-Ethereum bridge: Blockaid", The Block [archive]

May 15, 2026

THORchain exploited for $10.8 million

(attribution)

The THORchain cross-chain liquidity protocol was exploited for around $10.8 million across several blockchains: Bitcoin, Ethereum, BNB Chain, and Base. The protocol paused trading after observing the suspicious transactions. News of the hack caused the protocol's RUNE token to drop in price by more than 10%.

Telegram message by zachxbt [archive]

May 13, 2026

Transit Finance hacked for $1.88 million

(attribution)

Transit Finance was exploited for $1.88 million after an attacker exploited a "legacy contract" on the TRON blockchain that the project said was deprecated in 2022. "Historical vulnerabilities within it" were exploited, the project explained, allowing the attacker to steal $1.88 million.

Transit was previously exploited in 2022 for $21 million, although around 70% of the stolen assets were later returned.

Tweet by TransitFinance [archive]

May 12, 2026

TAC bridge exploited for $2.8 million

(attribution)

The TAC bridge, which bridges assets from the Ethereum blockchain to the Telegram-linked TON chain, was exploited for $2.8 million. The project paused the bridge and announced they were investigating.

The project has announced they intend to "restor[e] bridge liquidity through a legally structured sale of Foundation's TAC token treasury reserves."

Tweet by TacBuild [archive]

May 6, 2026

TrustedVolumes suffers $6.7 million exploit

(attribution)

TrustedVolumes, a resolver and market maker used by 1inch and other defi platforms, suffered a $6.7 million exploit after an attacker was able to steal funds without proper validation. The thief then swapped the stolen wETH, USDT, wBTC, and USDC through ChangeNow and converted them to ETH to evade freezes.

Blockchain research firm Blockaid has linked the attacker to a similar exploit in March 2025 that saw $5 million drained from 1inch. This time, 1inch has asserted that although they use TrustedVolumes as a resolver, the exploit did not involve any of their systems.

"DeFi Platform TrustedVolumes Hit by $6.7M Exploit", Decrypt [archive]

May 5, 2026

Ekubo exploited for $1.4 million

(attribution)

The Ekubo automated market maker infrastructure project experienced a $1.4 million theft after attackers were able to take advantage of a smart contract that improperly verified permissions. They stole 17 wBTC ($1.4 million), which they swapped for ETH and laundered via Tornado Cash.

"Attackers drain $1.4M in wrapped bitcoin from DeFi protocol Ekubo in approval-based exploit", The Block

April 30, 2026

Wasabi Protocol exploited for more than $5 million

(attribution)

The Wasabi Protocol defi derivatives platform has been exploited for more than $5 million across multiple blockchains. The attack has been attributed by blockchain security firms to a compromised admin key, which allowed the attacker to upgrade contracts to steal assets.

"Wasabi Protocol hit by more than $5 million exploit across multiple chains, security firms say", The Block

April 25, 2026

Polish Zondacrypto exchange stops processing withdrawals amid possible insolvency

(attribution)

The Polish cryptocurrency exchange Zondacrypto faced complaints that withdrawals were not being processed as far back as December 2025, but the crisis seems to have escalated. CEO Przemysław Kral attempted to assuage insolvency fears by pointing to a cryptocurrency wallet containing around 4,500 BTC (~$330 million) as proof of assets, but he also admitted that the keys to the wallet were known only to the exchange's previous CEO and not transferred during the company's 2021 sale. The former CEO has been missing for four years.

Polish authorities have launched investigations into the apparent collapse. Losses have been estimated at 350 million zł (~$96 million).

Poland's Prime Minister Donald Tusk has also recently accused Zondacrypto of sponsoring conservative and right-wing politicians, including Polish President Karol Nawrocki. Nawrocki has repeatedly vetoed legislation aiming to regulate the crypto sector, describing it as overly burdensome to crypto businesses. Tusk has also alleged that Zondacrypto was funded by the Russian mafia and Russian intelligence services. These allegations are also being investigated by Polish authorities, and one report citing the country's Internal Security Agency claims that the Kremlin-linked Tambovskaya Bratva Russian mafia group took over the exchange as far back as 2018.

"UOKiK zbada sprawę Zondacrypto. 'Znacznie poważniejsze nieprawidłowości'", Money.pl (in Polish) [archive]
Polish leader Tusk claims Russia-linked crypto firm backed Nawrocki’s presidential bid", AP News [archive]
"Powerful Russian mafia 'took control' of crisis-hit Polish firm Zondacrypto", TVP World [archive]

April 21, 2026

Volo Protocol exploited for $3.5 million, most recovered

(attribution)

The Sui-based Volo Protocol defi yield platform was exploited for around $3.5 million after an attacker targeted three vaults holding wBTC, XAUm (a tokenized gold asset), and the USDC stablecoin.

Volo says they have frozen or recovered all but around $60,000. They have also said they are "prepared to absorb this loss", rather than passing losses along to their users.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.