Bitcoin Depot 8-K cybersecurity incident disclosure

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d)

of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): April 6, 2026

Bitcoin Depot Inc.

(Exact name of registrant as specified in its charter)

| | | | | |
| | | | | |
| Delaware | | 001-41305 | | 87-3219029 |
| (State or other jurisdiction of

incorporation or organization) | | (Commission

File Number) | | (I.R.S. Employer

Identification No.) |
8601 Dunwoody Place

Sandy Springs, GA 30350

(Address of principal executive offices)

(678) 435-9604

Registrant’s telephone number, including area code

Not Applicable

(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligations of the registrant under any of the following provisions:

| | |
| ☐ | Written communications pursuant to Rule 425 under the Securities Act (17 CRF 230.425) |

| | |
| ☐ | Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CRF 240.14a-12) |

| | |
| ☐ | Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CRF 240.14d-2(b)) |

| | |
| ☐ | Pre-commencement communications pursuant to Rule 13c-4(c) under the Exchange Act (17 CRF 240.13e-4(c)) |
Securities registered pursuant to Section 12(b) of the Act:

| | | | | |
| Title of each class | | Trading

Symbol(s) | | Name of each exchange
on which registered |
| Class A Common Stock, par value $0.0001 per share | | BTM | | The Nasdaq Stock Market LLC |
| Warrants, each whole warrant exercisable for one share of Class A Common Stock at an exercise price of $80.50 per share | | BTMWW | | The Nasdaq Stock Market LLC |
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 or Rule 12b-2 of the Securities Exchange Act of 1934.

Emerging growth company ☒

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act ☐

| | |
| Item 1.05 | Material Cybersecurity Incident. |

On March 23, 2026, Bitcoin Depot Inc. (the “Company”) discovered that an unauthorized party gained access to certain of its information technology systems. Upon detection, the Company promptly activated its incident response protocols, engaged external cybersecurity experts, and notified law enforcement. Based on the Company’s investigation to date, the unauthorized actor gained access to certain systems and obtained control of credentials associated with the Company’s digital asset settlement accounts. As a result, the unauthorized actor transferred approximately 50.903 Bitcoin from Company-controlled wallets, valued at approximately $3.665 million as of the date of this report, without authorization. The Company further believes that the incident was contained to the Company’s corporate environment and did not affect the Company’s customer platforms, divisions, systems, data or environments.

The Company continues to investigate the nature and scope of the incident with the assistance of third-party specialists. As part of its remediation efforts, the Company is working with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access. The Company has not identified evidence that customer personally identifiable information was accessed or exfiltrated in connection with the incident; however, the investigation remains ongoing.

As of the date of this Current Report on Form 8-K, the incident has not had a material impact on the Company’s operations. On April 6, 2026, the Company nevertheless determined that the incident is material in light of potential consequences of the incident, including reputations harm, legal, regulatory and response costs. The Company believes that the incident is not reasonably likely to have a material impact on the Company’s financial condition or results of operations but has not yet determined the full impact of the incident. The Company has recorded a preliminary estimate of loss of approximately $3.665 million, representing the fair value of the Bitcoin transferred without authorization as of the date of the incident. The ultimate impact may differ from this estimate as the investigation continues. The Company maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, but there can be no assurance that such coverage will be sufficient to recover any or all losses incurred as a result of this incident.

As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet completely known. To the extent any information required by Item 1.05(a) of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available.

Cautionary Note Regarding Forward-Looking Statements

This Current Report on Form 8-K includes “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Exchange Act. Forward-looking statements are any statements other than statements of historical fact, and include, but are not limited to, statements regarding the expectations of plans, business strategies, objectives and growth and anticipated financial and operational performance, including our growth strategy and ability to increase deployment of our products and services, the anticipated effects of the Agreement. These forward-looking statements are based on management’s current beliefs, based on currently available information, as to the outcome and timing of future events. Forward-looking statements are often identified by words such as "anticipate," "appears," "approximately," "believe," "continue," "could," "designed," "effect," "estimate," "evaluate," "expect," "forecast," "goal," "initiative," "intend," "may," "objective," "outlook," "plan," "potential," "priorities," "project," "pursue," "seek," "should," "target," "when," "will," "would," or the negative of any of those words or similar expressions that predict or indicate future events or trends or that are not statements of historical matters, although not all forward-looking statements contain such identifying words. In making these statements, we rely upon assumptions and analysis based on our experience and perception of historical trends, current conditions, and expected future developments, as well as other factors we consider appropriate under the circumstances. We believe these judgments are reasonable, but these statements are not guarantees of any future events or financial results. These forward-looking statements are provided for illustrative purposes only and are not intended to serve as, and must not be relied on by any investor as, a guarantee, an assurance, a prediction or a definitive statement of fact or probability. Actual events and circumstances are difficult or impossible to predict and will differ from assumptions. Many actual events and circumstances are beyond our control.

These forward-looking statements are subject to a number of risks and uncertainties, including changes in domestic and foreign business, market, financial, political and legal conditions; failure to realize the anticipated benefits of the business combination; future global, regional or local economic and market conditions; the development, effects and enforcement of laws and regulations; our ability to manage future growth; our ability to develop new products and services, bring them to market in a timely manner and make enhancements to our platform; the effects of competition on our future business; our ability to issue equity or equity-linked securities; the outcome of any potential litigation, government and regulatory proceedings, investigations and inquiries; and those factors described or referenced in filings with the Securities and Exchange Commission. If any of these risks materialize or our assumptions prove incorrect, actual results could differ materially from the results implied by these forward-looking statements. There may be additional risks that we do not presently know or that we currently believe are immaterial that could also cause actual results to differ from those contained in the forward-looking statements. In addition, forward-looking statements reflect our expectations, plans or

forecasts of future events and views as of the date of this press release. We anticipate that subsequent events and developments will cause our assessments to change.

We caution readers not to place undue reliance on forward-looking statements. Forward-looking statements speak only as of the date they are made, and we undertake no obligation to update publicly or otherwise revise any forward-looking statements, whether as a result of new information, future events, or other factors that affect the subject of these statements, except where we are expressly required to do so by law. All written and oral forward-looking statements attributable to us are expressly qualified in their entirety by this cautionary statement.

Item 9.01 Financial Statements and Exhibits.

(d) Exhibits

| | | |
| Exhibit
Number | | Description |
| 104 | | Cover Page Interactive Data File (embedded within the Inline XBRL document) |

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

| | | | | | | |
| | | | | | | |
| | | | | Bitcoin Depot Inc. | | |
| | | | | | | |
| Dated: April 8, 2026 | | | | By: | | /s/ Christopher Ryan |
| | | | | Name: | | Christopher Ryan |
| | | | | Title: | | General Counsel and Corporate Secretary |