Taiwan cryptocurrency exchange BitoPro is under serious questioning after accusations from blockchain researcher ZachXBT that the exchange suffered a security breach on May 8, 2025, and did not report it.
ZachXBT explains that more than $11.5 million worth of cryptocurrencies were drained from the hot wallets of BitoPro across several blockchain networks, including Ethereum, Tron, Solana, and Polygon.
ZachXBT reported the hackers later moved the funds through several tools to hide their activities. They initially exchanged the tokens on decentralized exchanges. They then moved the funds through privacy platforms like Tornado Cash, Thorchain, and Wasabi Wallet. These platforms help hide where the funds came from and where they went.
He put it all on his Telegram channel and then tagged BitoPro on X (formerly Twitter). “Do you want to tell the community why a number of your hot wallets made suspicious withdrawals totaling approximately $11.5M on May 8, 2025,” he tweeted.
The transfers were traced to a series of wallet addresses, which ZachXBT made public, linking them to the suspicious flows he identified on the day of the attack.
Yet even though this news was shared in the community, BitoPro has not said if the incident took place or not on its official channels of communication. Users were only told about “system maintenance” close to the time the suspected hack would have occurred.
Even weeks after, BitoPro still carried out regular promotions and advertisements, like its “June Trading Challenge,” without commenting on the accusations.
However, an admin on Bitopro Telegram responded “We just got many questions, and we will answer all of you later.” But there were no updates, and the exchange has yet to make a public announcement. Some users have led out frustration due to the lack of clarity, especially since their funds are involved.
The way the stolen money was moved is similar to how other hacks, like the Bybit hack that happened earlier this year. Cross-chain mixers were also used and it helped the hackers cover their tracks Currently, we have no information on who the attackers are and no update on how users’ assets were affected.
Also Read: Metaplanet Stock Jumps 10% as It Invests $117M in Bitcoin
