TL;DR
- Taiwanese exchange BitoPro suffered a theft of over $11.5 million in digital assets after a breach in its hot wallets on May 8.
- The incident was identified by on-chain analysts and, days later, confirmed by the company itself through a post on X (formerly Twitter).
- Although BitoPro claims that withdrawals were not affected, several users have reported difficulties withdrawing USDT.
BitoPro confirmed on June 2, through a post on its official X account, that it had been the victim of an attack on its hot wallets. The statement came weeks after the incident, despite the fact that suspicious movements were already circulating among analysts such as ZachXBT.
According to the platform, the attacker exploited an old wallet during an update of its internal fund management system. Meanwhile, on May 9, the company announced supposed “maintenance,” without mentioning the hack, which increased users’ doubts as they began experiencing issues with withdrawals, severely damaging overall trust in the platform and sparking heated debate across online crypto communities.
Repeated Tactics and Recognizable Pattern
On-chain analysis shows that the stolen assets were quickly moved to decentralized exchanges, mixers like Tornado Cash, and bridges such as THORChain. These techniques, commonly associated with cybercriminals, make tracing and recovering the funds extremely difficult. The theft affected assets on networks such as Ethereum, Solana, Tron, and Polygon. Although BitoPro assures users that their funds are safe and that operations continue normally, many user reports contradict that version—especially regarding USDT withdrawals—raising concerns about the actual stability and security of the platform as it stands under public scrutiny.
Risks Persist for Centralized Platforms
This new attack adds to a worrying trend in 2025. Both centralized platforms and DeFi protocols have suffered multiple attacks, such as the recent case of the decentralized exchange Cetus, which lost over $220 million, although it managed to recover part of it thanks to a coordinated vote among validators. Unlike that joint response, BitoPro’s delayed communication casts doubt on its readiness to handle crises and respond appropriately to emergencies of this magnitude.
However, blockchain technology allows independent researchers to monitor events in real time, thereby strengthening the ecosystem by demanding accountability and constant transparency in the management of incidents and vulnerabilities.
Additionally, BitoPro stated that it will soon reveal the new address of its hot wallet to facilitate external audits. It also committed to improving its security protocols and updating its monitoring systems to prevent similar breaches in the future, seeking to regain the trust lost among its users and the broader market.
