Taiwan cryptocurrency exchange BitoPro has confirmed a hacking incident following blockchain analyst ZachXBT’s identification of approximately $11.5 million worth of shady hot wallet withdrawals from the exchange. The hack occurred on May 8, 2025. It affected wallets on various networks including Tron, Ethereum, Solana, and Polygon.
ZachXBT’s analysis revealed that hackers market-sold stolen assets through decentralized exchanges before laundering the proceeds through Tornado Cash and bridging funds to Bitcoin via THORChain. The converted Bitcoin was subsequently deposited to Wasabi, a privacy-focused wallet service.
Initially, BitoPro did not formally disclose the incident on social media platforms. They instead told s the exchange was offline for “maintenance.” This delayed acknowledgment drew attention from the crypto community, particularly after ZachXBT’s public analysis made the security breach apparent.
BitoPro, a Taiwanese crypto exchange, was likely hacked on May 8, 2025, losing around $11.5 million. Funds were drained from hot wallets across multiple chains and laundered via Tornado Cash and Thorchain. The exchange has not officially acknowledged the incident, citing…
— Wu Blockchain (@WuBlockchain) June 2, 2025
BitoPro confirms attack during wallet upgrade
BitoPro’s BitoGroup has now released an official statement confirming the hack occurred during a wallet system upgrade and asset transfer process. According to the exchange, hackers exploited the old hot wallet during fund reallocation procedures.
“Upon discovering the incident, we immediately activated our emergency response mechanism, swiftly transferred platform assets to the new wallet, and blocked the hacker’s actions,” the statement reads. The exchange has engaged a third-party cybersecurity firm to conduct a detailed investigation and track associated activity.
BitoPro emphasized that the site has sufficient virtual asset reserves and claims assets are not affected. The exchange guarantees that trading, withdrawals, and deposits have been proceeding as usual following the incident.
The company plans to disclose the address of its new hot wallet in order to enable public verification. BitoPro also added that the majority of the platform assets were stored in offline cold wallets that were not impacted by the attack.
The fact that the hackers employed multiple laundering methods indicates a sophisticated operation. Through market-selling of the stolen money on DEXs, the attackers avoided centralized exchange monitoring and successfully exchanged tokens for more tradable instruments.
This multi-stage process complicates the recovery of funds for law enforcement and makes it harder to track the stolen funds.
