Asia Morning Briefing: ETH On-Chain Metrics Signal Potential Bull Run Ahead
BitoPro confirms $11.5M exploit, says withdrawals unaffected
- Ethereum
Cryptokeeper
- 0
- 6 minutes read
BitoPro crypto exchange may have been exploited for $11.5 million worth of crypto on May 8, according to blockchain investigator ZachXBT.
444 Total views
Listen to article
News
Taiwan-based cryptocurrency exchange BitoPro has confirmed a security breach that led to the loss of more than $11.5 million in digital assets from its hot wallets on May 8.
The suspicious transactions, which occurred across hot wallets on Ethereum, Tron, Solana and Polygon, saw asset outflows to decentralized exchanges (DEXs) where they were later marked as sold, according to onchain investigator ZachXBT.
Despite the incident, BitoPro did not disclose the exploit on X or Telegram for several weeks, ZachXBT said in a June 2 post on X.
Related: Metaplanet’s Bitcoin ‘premium’ nears $600K per BTC
Blockchain data shows assets were deposited into cryptocurrency mixer Tornado Cash or bridged to Bitcoin via THORChain, patterns often employed by hackers to make funds anonymous and untraceable.
On May 9, BitoPro announced a maintenance period for the exchange, which was resolved on the same day. However, many users have since reported being unable to withdraw USDt (USDT).
Cointelegraph reached out to BitoPro for comment but had not received a response by the time of publication.
Related: Hoskinson promises audit, is ‘deeply hurt’ by $600M Cardano treasury claims
Exchange confirms breach weeks later
Three weeks after the incident, BitoPro confirmed that it had suffered a wallet exploit. In a June 2 Telegram post, the exchange said the breach occurred during a wallet system upgrade, when an attacker exploited an “old hot wallet” during internal fund reallocation, adding:
“The platform has sufficient virtual asset reserves and user rights are completely unaffected.”
Deposits, withdrawals and all trading functions remain operational, while a third-party blockchain security firm has been commissioned to trace the stolen funds, BitoPro stated.
In a push for more transparency, BitoPro said it would share the new hot wallet address for external investigation in the “near future.”
DeFi protocols remain top hacker targets
Hackers continue targeting the growing value locked into exchanges and decentralized finance (DeFi) protocols.
On May 22, decentralized exchange Cetus was exploited for over $220 million, but validators managed to freeze $162 million, which was subsequently returned to the protocol after a governance vote on May 30.
Magazine: Coinbase hack shows the law probably won’t protect you: Here’s why
