- BitoPro confirmed it had suffered a security breach three hours after ZachXBT publicly flagged suspicious activity.
- Users have criticized BitoPro’s delayed communication, noting the absence of critical details like the exact date of the incident and the amount stolen.
- The breach highlights how attackers are increasingly targeting operational vulnerabilities.
Taiwan-based cryptocurrency exchange BitoPro has confirmed a security breach resulting in the alleged theft of $11.5 million in digital assets.
The revelation came shortly after on-chain investigator ZachXBT flagged unusual wallet activity on Monday, June 2, raising questions about why the exchange did not alert users sooner.
BitoPro Confirms Security Breach
Following ZachXBT’s alert about suspicious outflows, BitoPro issued an official statement confirming the security breach.
You’ll Want To See This
The incident, which ZachXBT believes happened 25 days ago, saw hackers infiltrate the platform during its wallet system upgrade.
“During the recent wallet system upgrade and asset transfer operation of BitoPro, the old hot wallet of BitoPro exchange was attacked by hackers during the fund allocation process,” the translated statement said.
BitoPro said its emergency response mechanisms were promptly activated, allowing platform assets to be moved to a new wallet safely.
“We hereby declare that the platform has sufficient virtual asset reserves and user rights are completely unaffected,” the company stated.
BitoPro did not disclose the exact amount stolen or explain why it waited weeks before informing users of the breach.
The lack of transparency sparked frustration in the platform’s Telegram group, where users demanded clearer details.
“The statement did not mention the important information that users want to know,” one user commented. “It did not mention when the incident happened or how much the amount was.”
ZachXBT Identifies $11.5 Million in Losses
Roughly three hours before BitoPro’s public statement, ZachXBT reported that the exchange had “likely” been exploited for $11.5 million on May 8.
He pointed to suspicious activity across hot wallets on Tron, Ethereum, and Solana.
“The stolen funds were then deposited to Tornado or bridged to Bitcoin via Thorchain and deposited to Wasabi,” ZachXBT noted on his Telegram channel.
At that time, BitoPro had not acknowledged any breach, instead stating that the exchange was offline due to “maintenance.”
Surge in Crypto Hacks
The BitoPro incident adds to a troubling trend in 2025, marked by a surge in high-profile crypto thefts.
The most significant incident so far was the Bybit hack in February, which accounted for over 92% of Q1 losses.
The Bybit attack saw perpetrators inject malicious JavaScript code into SafeWallet to manipulate transaction data in real time.
Increasingly, attackers are exploiting subtle vulnerabilities, such as BitoPro’s wallet migration, to carry out complex and damaging exploits.
PeckShield said the $1.63 billion loss in Q1 2025 underscored a 131% increase from the first quarter of 2024.
However, according to the security firm, total crypto hack losses decreased 39% in May compared to April.
“In May 2025, ~20 major crypto hacks were recorded, resulting in total losses of $244.1M — a 39.29% decrease from April,” PeckShield on X.
Was this Article helpful?
