Taiwanese cryptocurrency exchange BitoPro was seemingly compromised in an audacious cyber heist in early May, losing more than $11.5 million in a breach that has left the digital asset community buzzing with speculation. The incident, which remained under wraps for weeks, was brought to light by renowned blockchain investigator ZachXBT in his Telegram group on Monday, stirring questions about operational transparency and security protocols in the crypto industry.
A Silent Breach and Its Aftermath
The exploit reportedly took place on May 8, when unauthorized actors gained access to BitoPro’s hot wallets spanning several blockchains, including Ethereum, Tron, Solana, and Polygon. In a carefully orchestrated move, the stolen assets were quickly offloaded on decentralized exchanges. The proceeds were then funneled through privacy-focused protocols like Tornado Cash and Thorchain, before finding their way into Wasabi Wallet, a Bitcoin mixing service known for its anonymity features.
Despite the magnitude of the breach, BitoPro has remained tight-lipped, with no public acknowledgment of the incident. Users were informed of a temporary suspension of services, attributed to “system maintenance” rather than a security breach. The muted response has drawn criticism from industry observers who argue that transparency is crucial, especially when customer assets are at stake.
ZachXBT, who has garnered a reputation for unmasking illicit activities in the blockchain space, expressed concern over BitoPro’s handling of the situation. “BitoPro has yet to formally disclose the incident on X or Telegram and told users the exchange was just offline for ‘maintenance,'” he noted, underscoring the need for greater accountability.
The Landscape of Crypto Security
The BitoPro breach is a stark reminder of the vulnerabilities inherent in the rapidly evolving cryptocurrency landscape. Exchanges, functioning as the backbone of digital asset trading, are frequent targets for cybercriminals looking to exploit security lapses. The incident also highlights the sophisticated methods used by hackers to obscure their tracks, utilizing a combination of decentralized exchanges and privacy-enhancing technologies to launder illicit gains. This follows a pattern of increasing complexity in the crypto space, as detailed in our analysis of multi-wallet usage and AI’s potential to address crypto fragmentation.
As the top locally-focused exchange in Taiwan, BitoPro has been a significant player since its inception in 2018, primarily serving the local market with a focus on Taiwanese dollar (TWD) fiat pairs for major tokens like Bitcoin and Ether. Despite its prominence, the exchange’s apparent reluctance to address the breach publicly has raised eyebrows, with some users expressing unease about the security of their assets.
Industry experts, however, suggest that BitoPro’s silence might be a strategic move, allowing the company time to conduct a thorough investigation and reinforce its defenses before making a detailed disclosure. Meanwhile, the exchange continues to process significant trading volumes—over $20 million in the past 24 hours alone—underscoring its enduring role in the regional market.
Implications for the Future
The lack of communication from BitoPro has sparked discussions about the need for standardized security protocols and reporting mechanisms across the industry. As regulatory scrutiny intensifies globally, exchanges may soon be compelled to adopt more robust measures to protect user assets and maintain investor confidence. This is particularly pressing given the recent surge in crypto token failures, with CoinGecko reporting that 1 in 4 tokens launched since 2021 have died in Q1.
Looking ahead, the BitoPro incident could serve as a catalyst for change, prompting exchanges to reevaluate their security frameworks and crisis management strategies. The community is likely to keep a close watch on BitoPro’s next moves, both in terms of public disclosure and the steps taken to avert future breaches.
In the meantime, crypto enthusiasts and investors are left to ponder the broader implications of such exploits—and the delicate balance between innovation and security in the digital asset realm. As the industry matures, the ongoing challenge will be to safeguard the very networks that power its growth, ensuring that trust remains a cornerstone of the crypto ecosystem.
Source
This article is based on: Taiwanese Crypto Exchange BitoPro Likely Hacked for $11M in May, ZachXBT Says
Further Reading
Deepen your understanding with these related articles:
- US crypto groups urge SEC for clarity on staking
- U.S. Congress Braces for Intense Debate Over Crypto Legislation This Summer (openai)
- The SEC Can Learn From the IRS in Making Regulation Simpler for Crypto
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
