Taiwanese crypto exchange ‘BitoPro’ admits to $11.5M exploit after ZachXBT report

Crypto investigator ZachXBT claimed on June 2 that Taiwan’s exchange BitoPro was likely hacked, resulting in a loss of nearly $11.5M. Hot wallets on Tron, Ethereum, Solana, and Polygon saw suspicious outflows on May 8, and the stolen assets were sold via DEX.

The on-chain detective blew the whistle on Sunday, claiming that BitoPro was possibly hacked and the funds went into a coin mixer. According to ZachXBT, the loot was drained from hot wallets across multiple chains and laundered via Tornado Cash and Thorchain.

Funds were then deposited into Tornado Cash or bridged Bitcoin via THORChain before they were deposited into Wasabi. The exchange has so far not officially acknowledged the incident, suspending its services only on the grounds of “system maintenance.”

BitoPro acknowledges security breach weeks after incident 

【BitoPro Official Statement: June 2, 2025】
BitoPro recently experienced a cyberattack on an old hot wallet during a wallet system upgrade. Upon detection, we quickly launched an emergency response, securing assets by moving them to new wallets and blocking the attacker.

— BitoGroup 幣託集團 (@BitoEx_Official) June 2, 2025

BitoPro finally confirmed three weeks after the incident that it had suffered a wallet exploit. On June 2, the exchange said the breach occurred during a wallet system upgrade when an attacker exploited an “old hot wallet” during internal fund reallocation.

On May 9, BitoPro announced a maintenance period for the exchange, which was resolved on the same day. Deposits, withdrawals, and all trading functions remained operational while a third-party blockchain security firm was commissioned to trace the stolen funds.

However, many users have since reported being unable to withdraw USDt (USDT).

“We hereby declare that the platform has sufficient virtual asset reserves and user rights are not affected at all. Since the incident, user top-up, withdrawal and transaction functions have remained normal.”

–BitoPro

BitoPro promised to release its new hot wallet address for external inspection soon in order to demonstrate its commitment to asset security and transparency. The exchange’s team added that many of the platform’s assets were stored in cold wallets with no external connections for a long time and had never been affected, so the overall assets were safe.

The team also said it will continue to improve information security protection mechanisms, fine-tune wallet management processes and monitoring capabilities, and protect the asset security of every user.

ZachXBT believes BitoPro’s delay in publicizing breach was unnecessarily

Do you want to explain to the community why multiple of your hot wallets saw suspicious outflows of ~$11.5M on May 8, 2025 where you still have not disclosed the security incident on X or Telegram several weeks later? pic.twitter.com/HlD0c93Or4

— ZachXBT (@zachxbt) June 2, 2025

The crypto Sherlock Holmes also questioned BitoPro’s reluctance to publicize the hack and loss of funds on X or Telegram weeks (~25 days) after the alleged security incident.

He recently demanded real consequences, especially for underage SIM swappers and phishers, pointing out that Canadian and EU laws were a bit lenient on such young malicious actors.

However, SomaXBT, another scam survivor turned crypto-threats investigator, claimed that the BitoPro team was probably working in the background to recover the stolen funds to surprise their users with a great heist and recovery story.

The exchange users shared ZachXBT’s claim on the official BitoPro Telegram channel, where an administrator of the channel responded by saying they had just received numerous inquiries and would respond accordingly after investigations were concluded.

As of the time of publication, the extent to which user assets on the exchange were affected remains unclear, and the attackers have not yet been identified.