On May 8, 2025, the Taiwanese exchange BitoPro was suspected of having been hacked, with abnormal transfers of funds from its Hot Wallets across multiple chains, including Ethereum, Tron, Solana, and Polygon; the estimated amount reached up to 11.5 million USD. The hacker used decentralized exchanges to convert the assets into other cryptocurrencies and laundered the money through the anonymous service Tornado Cash and the cross-chain bridge THORChain, ultimately funneling the funds into Wasabi Wallet on the Bitcoin network to further obscure their tracks.
In response to the incident, BitoPro released a statement acknowledging that it was hacked, stating that the event occurred during the upgrade of the Hot Wallet and asset transfer, and that the old Hot Wallet was compromised during the scheduling process. The platform immediately initiated emergency measures, transferring the remaining assets to a new Hot Wallet, blocking suspicious activities, and hiring a third-party security company for investigation. It claims that most assets are stored long-term in a Cold Wallet and were not affected, and that user transactions and withdrawal functions continue to operate normally.
Internal investigations indicate that the attack methods resemble those of several past international financial incidents and point, with a high degree of credibility, to North Korea’s Lazarus Group. The hackers used social engineering to target cloud infrastructure operations engineers, implanted malware, and stole an AWS Session Token, which let them bypass multi-factor authentication controls; they then remained dormant for a long time before launching the attack. They used malicious scripts to operate the Hot Wallet for large-scale fund transfers.
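A defender-side illustration of the session-token theft described above, added here and not taken from BitoPro or its investigators: a stolen session token keeps the MFA status it was issued with, so one detection is to flag temporary credentials that show up in CloudTrail from a second source IP. The events, key IDs and IP addresses are constructed, and treating the first-seen IP as the baseline is a simplifying assumption.

```python
from collections import defaultdict

def ev(time, name, ip, agent, key, mfa="true"):
    """Build a minimal CloudTrail-shaped record (only the fields used below)."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip, "userAgent": agent,
            "userIdentity": {"accessKeyId": key,
                             "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}

# Constructed sample data: documentation IP ranges and made-up key IDs.
SAMPLE_EVENTS = [
    ev("2025-01-10T09:00:00Z", "GetCallerIdentity", "198.51.100.7", "aws-cli/2.15.0", "ASIAEXAMPLEOPS0001"),
    ev("2025-01-10T09:05:00Z", "DescribeInstances", "198.51.100.7", "aws-cli/2.15.0", "ASIAEXAMPLEOPS0001"),
    ev("2025-01-10T09:06:00Z", "Decrypt", "secretsmanager.amazonaws.com", "secretsmanager.amazonaws.com", "ASIAEXAMPLEOPS0001"),
    ev("2025-01-10T09:40:00Z", "GetSecretValue", "203.0.113.50", "python-requests/2.31", "ASIAEXAMPLEOPS0001"),
    ev("2025-01-10T10:00:00Z", "ListBuckets", "192.0.2.10", "aws-cli/2.15.0", "ASIAEXAMPLEDEV0002"),
    ev("2025-01-10T10:02:00Z", "GetObject", "192.0.2.10", "aws-cli/2.15.0", "ASIAEXAMPLEDEV0002"),
    ev("2025-01-10T11:00:00Z", "ListBuckets", "192.0.2.20", "aws-cli/2.15.0", "AKIAEXAMPLELONG0003", "false"),
    ev("2025-01-10T11:30:00Z", "ListBuckets", "192.0.2.21", "aws-cli/2.15.0", "AKIAEXAMPLELONG0003", "false"),
]

def find_replayed_sessions(events):
    """Flag temporary credentials (ASIA...) used from an IP other than the first one seen."""
    by_key = defaultdict(list)
    for e in events:
        key = e.get("userIdentity", {}).get("accessKeyId", "")
        ip = e.get("sourceIPAddress", "")
        # Skip long-term keys and calls AWS services make on the caller's behalf.
        if key.startswith("ASIA") and not ip.endswith(".amazonaws.com"):
            by_key[key].append(e)
    findings = []
    for key, evs in by_key.items():
        evs.sort(key=lambda e: e["eventTime"])  # same-format UTC timestamps sort as strings
        baseline = evs[0]
        for e in evs[1:]:
            if e["sourceIPAddress"] != baseline["sourceIPAddress"]:
                attrs = e["userIdentity"].get("sessionContext", {}).get("attributes", {})
                findings.append({
                    "accessKeyId": key, "eventName": e["eventName"],
                    "baselineIP": baseline["sourceIPAddress"], "sourceIPAddress": e["sourceIPAddress"],
                    "userAgent": e["userAgent"],
                    # Stays "true" on replay: MFA was checked when the session was issued.
                    "mfaAuthenticated": attrs.get("mfaAuthenticated"),
                })
    return findings

if __name__ == "__main__":
    for f in find_replayed_sessions(SAMPLE_EVENTS):
        print(f)
```

Legitimate IP changes (VPN reconnects, roaming laptops) will also match, so in practice this signal is usually combined with user-agent changes or sensitive API names before alerting.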
The incident has been handed over to the judicial authorities for criminal forensic investigation. BitoPro is also rebuilding its wallet infrastructure and has made the Hot Wallet address public on the Arkham platform for external verification, emphasizing that it will continue to strengthen security protections and monitoring of operational permissions to prevent similar incidents from occurring again.
After the news broke, the BitoPro platform token $BITO fell more than 8% that day. Users raised questions about the platform’s security performance and information transparency, particularly criticizing the initial official response, which mentioned only “system maintenance” and did not promptly disclose the hacking incident, leading to a crisis of trust in the market.
The security incident at BitoPro highlights the severe challenges that cryptocurrency trading platforms currently face in managing Hot Wallets and in offense-defense strategies. This case serves as a reminder to all practitioners and users that layered management of Cold Wallets and Hot Wallets, proactive security monitoring, and incident transparency are often key to protecting asset safety. As attack methods become increasingly technical and covert, platforms must enhance their security defense capabilities, strengthen user trust, and ensure ecosystem stability.