ZachXBT flags suspicious $11.5M outflows from BitoPro exchange’s hot wallets, says it was ‘likely exploited’

Bitget App

Trade smarter

The Block2025/06/01 16:00

By:By Danny Park

Quick Take Taiwan-based cryptocurrency exchange BitoPro appeared to have been exploited for about $11.5 million on May 8, according to on-chain sleuth ZachXBT. Funds appeared to have been suspiciously withdrawn from hot wallets across multiple networks, including Tron, Ethereum, Solana, and Polygon. Hours after ZachXBT’s claim, BitoPro acknowledged that the exchange was hacked during a system upgrade.

ZachXBT flags suspicious $11.5M outflows from BitoPro exchange’s hot wallets, says it was ‘likely exploited’ image 0

Taiwan-based cryptocurrency exchange BitoPro appeared to have been exploited for about $11.5 million on May 8, according to on-chain sleuth ZachXBT.

ZachXBT said in his Telegram channel that there were suspicious outflows from the exchange's hot wallets on multiple networks, including Tron, Ethereum, Solana and Polygon.

"The stolen funds were then deposited to Tornado or bridged to Bitcoin via Thorchain and deposited to Wasabi," ZachXBT wrote .

Although 25 days have passed since the incident, BitoPro did not issue an official statement through its communication channels until ZachXBT posted his investigations to the public.

When exchange users shared ZachXBT's claim on the official Telegram channel of BitoPro, an administrator of the channel wrote at 2:51 p.m. local time — "Just received numerous inquiries, and we will respond uniformly to all of you later."

At 5:12 p.m., BitoPro made an official Chinese statement acknowledging that the platform had been hacked while scheduling funds during its wallet system upgrade and asset transfer operations.

"At the moment the incident occurred, an emergency response mechanism was immediately activated, securely transferring platform assets to a new wallet and blocking hacker activities, while also commissioning a third-party professional cybersecurity company to comprehensively investigate and track related leads," BitoPro said in its translated statement.

While the company assured that no user funds were affected, it did not address why the security breach was not immediately alerted to users. Official details on the exploit remain undisclosed.

Meanwhile, the $1.4 billion hack of the Bybit exchange earlier this year also involved stolen funds being channeled through mixers, including Wasabi, Tornado, and Thorchain, then swapped via cross-chain bridges and peer-to-peer exchanges.

According to Bybit CEO's most recent update on hacked funds, over 27% of the stolen funds, or approximately $380 million worth of crypto, have gone off the grid. The hackers behind the Bybit exploit were identified as those of the Lazarus Group , which is backed by North Korea .

Story updated to include BitoPro's latest statement on the exploit

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!