Taiwan-based cryptocurrency exchange BitoPro experienced a significant security breach, resulting in the loss of over $11.5 million from its hot wallets across Ethereum, Tron, Solana, and Polygon networks. The incident came to light weeks later, when blockchain investigator ZachXBT highlighted suspicious outflows, prompting BitoPro to confirm the exploit on June 2.
The stolen assets were allegedly routed through decentralized exchanges and subsequently laundered using anonymity tools such as Tornado Cash and THORChain, making them impossible to track down. Despite the breach, BitoPro assured users that their funds and withdrawals remained unaffected, stating that the exploit occurred during a wallet system upgrade when an attacker accessed an outdated hot wallet.
The exchange faced criticism for its delayed disclosure, as it initially cited a maintenance period on May 9 without revealing the security incident. In response to the breach, BitoPro has engaged a third-party blockchain security firm to investigate and recover the stolen funds. The exchange also plans to share new hot wallet addresses to enhance transparency and facilitate external audits.
This incident underscores the ongoing vulnerabilities in the cryptocurrency sector, where exchanges and DeFi protocols remain prime targets for hackers. It highlights the need for robust security measures and prompt communication to maintain user trust in the rapidly evolving digital asset landscape.
