BitoPro has confirmed an $11,5 million hack due to pressure from the crypto community
Hackers laundered assets using Tornado Cash, Thorchain, and Wasabi mixers
02.06.2025 - 15:40
521
2 min
0
What’s new? According to an anonymous researcher under the nickname ZachXBT, known for his publications about hacks and scams in the crypto space, Taiwanese crypto exchange BitoPro suffered an exploit with $11,5 million in damage on May 8.
What else is known? ZachXBT reported in its Telegram channel that suspicious outflows were reported from the exchange’s hot wallets on several networks, including Tron, Ethereum, Solana, and Polygon.
The stolen funds were then transferred to the Tornado Cash crypto mixer or redirected to the Bitcoin blockchain via the Thorchain protocol and transferred to the Wasabi wallet, which also offers mixing capabilities.
Although 25 days have passed since the incident, BitoPro did not publish an official statement regarding the incident until ZachXBT wrote about it.
When users of the exchange shared ZachXBT’s post on BitoPro’s official Telegram channel, its admin wrote, “Just received numerous inquiries, and we will respond uniformly to all of you later.”
BitoPro then issued an official statement in Chinese, admitting that the platform had been hacked during an update to its wallet system and asset transfer operations.
“At the moment the incident occurred, an emergency response mechanism was immediately activated, securely transferring platform assets to a new wallet and blocking hacker activities, while also commissioning a third-party professional cybersecurity company to comprehensively investigate and track related leads,” BitoPro said in its translated statement.
While the company assured that no user funds were affected, it did not explain why it did not promptly report the security breach. Official details about the exploit remain undisclosed.
The $1,5 billion hack of Dubai-based exchange Bybit by Beng Zhou in February also involved laundering assets through mixers including Wasabi, Tornado Cash, and Thorchain, which were then exchanged via cross-chain bridges and P2P platforms.
According to the latest update from the head of Bybit, more than 27% of the stolen funds, or about $380 million in cryptocurrency, are unrecoverable. The hackers behind the exploit have been identified as Lazarus Group, which is backed by North Korea.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$60 043
BTC
+0.25%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.05
XRP
+0.25%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.07298
DOGE
-0.94%
-
Zcash
$382.67
ZEC
-2.55%
-
Stellar XLM
$0.17411
XLM
+1.57%
-
Cardano
$0.145052
ADA
+0.54%
-
Polkadot
$3.32
DOT
+5.27%