Taiwanese cryptocurrency exchange BitoPro has confirmed it suffered a cyberattack resulting in the theft of approximately $11.5 million in digital assets. The breach, which occurred during a system upgrade, was publicly identified after on-chain sleuths flagged a series of suspicious withdrawals from the platform.
Hack Detected During System Maintenance
In an official statement on Monday, BitoPro revealed that the attack targeted an old hot wallet during a scheduled wallet infrastructure upgrade.
The exchange stated,
“BitoPro recently experienced a cyberattack on an old hot wallet during a wallet system upgrade. Upon detection, we quickly launched an emergency response, securing assets by moving them to new wallets and blocking the attacker.”
Hot wallets, which remain connected to the internet for ease of transactions, are often more exposed to security risks compared to cold wallets kept offline. The vulnerability was exploited as the Taiwan-based crypto exchange transitioned to a new asset management framework.
Attackers Exploit Multiple Blockchains and Privacy Tools
Blockchain investigator ZachXBT traced the stolen funds moving through several public networks, including Ethereum, Tron, Solana, and Polygon. The attackers reportedly utilized mixers like Tornado Cash to obfuscate transaction trails, followed by cross-chain swaps via Thorchain to convert assets into Bitcoin. The proceeds were then transferred to privacy-enhancing wallets such as Wasabi Wallet, complicating efforts to track and recover the funds.
Following the discovery of the breach, BitoPro immediately relocated remaining assets to newly generated wallets and froze unauthorized access points. The platform has since engaged an external cybersecurity firm to assist in the investigation and strengthen post-breach monitoring.
Aftermath of Incident
Despite the incident, BitoPro reassured users that platform services remain unaffected, saying
“Since the incident, user top-up, withdrawal and transaction functions have maintained normal operation.”
Additionally, BitoPro emphasized that it holds sufficient asset reserves to cover losses and maintain operational stability.
To enhance transparency, the exchange announced plans to publish new hot wallet addresses in the coming days. It also reiterated that the bulk of customer and operational funds are safeguarded in offline cold wallets, which were not impacted by the breach.
In the aftermath of the announcement, trading activity on BitoPro saw a notable decline. Data from CoinGecko showed a 21% drop in 24-hour trading volume, reflecting market anxiety surrounding platform security.
Growing Year of Crypto Exchange Breaches
The BitoPro incident adds to a growing list of high-profile cryptocurrency exchange hacks in 2025. Just weeks ago, Coinbase disclosed a data breach affecting tens of thousands of customers, with estimated costs potentially reaching $400 million. Earlier this year, Bybit was hit with a record-breaking $1.5 billion theft, marking the largest exchange hack and the largest digital asset heist on record.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice
