Crypto Exchange Confirms $11.5M Hack, Assures Users Funds Are Safe

BitoPro, a Taiwan-based crypto exchange, has confirmed a $11.5 million exploit involving its hot wallets.

The breach occurred on May 8 but was publicly disclosed only on June 2.

【BitoPro Official Statement: June 2, 2025】
BitoPro recently experienced a cyberattack on an old hot wallet during a wallet system upgrade. Upon detection, we quickly launched an emergency response, securing assets by moving them to new wallets and blocking the attacker.

— BitoGroup 幣託集團 (@BitoEx_Official) June 2, 2025

The attacker targeted an outdated wallet during an internal upgrade and transferred funds across Ethereum, Tron, Solana, and Polygon before laundering them through Tornado Cash and THORChain.

Despite the delay in disclosure, BitoPro assured users that withdrawals remain unaffected and that it holds sufficient reserves.

2）
We've also engaged a third-party cybersecurity firm to investigate and track leads.BitoPro's virtual asset reserves are ample, and user assets remain completely unaffected. Since the incident, all deposit, withdrawal, and trading functions have continued to operate normally.

— BitoGroup 幣託集團 (@BitoEx_Official) June 2, 2025

Trading and TWD services have continued without interruption.

The exchange initially cited “system maintenance” on May 9, which coincided with user complaints of USDT withdrawal issues.

BitoPro has now hired a third-party blockchain security firm to trace the stolen assets and plans to publish a new hot wallet address to support transparency.

The incident highlights ongoing vulnerabilities in Web3, where access control flaws remain a critical threat.

This breach adds to a string of recent attacks in the crypto sector, including a $220 million exploit on DEX platform Cetus and a $3 million hack on the Nervos network.

Hacken analysts note that sophisticated laundering and prolonged exploit efforts are becoming more common, emphasizing the need for real-time exploit detection tools.

About The Author