Highlights:
- ZachXBT has linked the $11.5 million BitoPro hack to a hot wallet breach during a system upgrade in early May.
- BitoPro confirmed the breach weeks later and said user funds remain safe, with most assets held in cold wallets.
- The stolen crypto was moved through Tornado Cash and THORChain to make tracking more difficult.
BitoPro, a Taiwan-based crypto exchange, suffered a security breach on May 8 that led to the theft of over $11.5 million from its hot wallets. The stolen assets came from multiple blockchain networks, including Ethereum, Tron, Solana, and Polygon. Although the breach took place weeks ago, BitoPro did not make a public statement until June 2. Instead, on-chain analyst ZachXBT exposed the hack on June 1 by tracing the stolen funds and sharing his findings through a post on X.
Do you want to explain to the community why multiple of your hot wallets saw suspicious outflows of ~$11.5M on May 8, 2025 where you still have not disclosed the security incident on X or Telegram several weeks later?
— ZachXBT (@zachxbt) June 2, 2025
ZachXBT explained that the attacker used decentralized exchanges to swap the assets and then moved the funds through privacy tools such as Tornado Cash, THORChain, and Wasabi Wallet. Such tools complicate the tracing of crypto movements and are frequently used to conceal the origin of stolen cryptocurrency. Following his post, users who had noticed withdrawal problems and unusual system updates raised a storm of questions in BitoPro’s official Telegram group.
BitoPro Exchange Hack Linked to Wallet Exploit During System Upgrade
Following the backlash, BitoPro released a statement in Chinese confirming the exchange hack. The company said the breach occurred during a hot wallet upgrade while funds were being transferred between old and new wallets. During this process, the attacker gained access to an outdated wallet that had not yet been emptied. Although the exchange confirmed the loss, it assured users that their assets remained safe.
BitoPro also claimed that it responded to the breach immediately by moving the remaining funds into a secure wallet. According to the company, most customer funds were kept in secured cold wallets that the attacker failed to access. The company said that operations such as deposits, withdrawals, and trading were not affected. Nevertheless, members of the community reported difficulty withdrawing their funds starting on May 9, raising further concerns about the platform's transparency.
BitoPro brought in a third-party cybersecurity team to track and investigate the attack. According to the exchange, it has enough reserves to cover user withdrawals and prevent further damage. Moreover, it plans to publish a new hot wallet address so the public can monitor wallet movements.
Wallet Exploit Sparks Broader Fears in the Crypto Community
The latest attack on BitoPro comes after a series of recent hacks within the crypto community. On May 22, Cetus, a decentralized exchange, was hit by hackers who stole more than $220 million. Validators were able to stop $162 million from being laundered. A later vote by the community resulted in the locked funds being returned to affected users.
Nervos was also attacked recently, resulting in a loss of $3 million. The project shut down all smart contract activity after the stolen funds moved through Tornado Cash. Nervos has launched its own investigation and aims to recover the funds and alert the affected users.
🚨ALERT🚨Our system has detected multiple suspicious transactions involving @NervosNetwork.
A suspicious address appears to have taken control over the bridge, stealing ~$3M in assets:
257.8K $USDT
539.09 $ETH
898.3K $USDC
60.4K $DAI
0.79 $WBTC
All funds were swapped to $ETH and…
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 2, 2025
Earlier this year, a major breach on Bybit resulted in the loss of $1.4 billion in crypto. As with BitoPro, the money was moved through Tornado Cash and other privacy systems. Investigators later linked the attack to the Lazarus Group, a well-known hacking group. Although BitoPro promised to keep users informed, it has only shared updates in its Telegram group and has not posted a public statement. Users continue to wait for further communication as investigations continue.