The official OKX app features seamless multilingual interface switching, providing global users with barrier-free trading experience. Our innovative social copy trading system connects you with professional strategies, while open API supports customized q
Download for Android Download for IOS
Taiwan's BitoPro cryptocurrency exchange finally acknowledged a 【$11.5 million】 digital asset theft on June 2, nearly a month after suspicious transactions were first detected on May 8. Blockchain investigator ZachXBT revealed the exchange failed to notify users through official channels during this period, despite the substantial losses.
The attackers drained hot wallets across four major blockchains — Ethereum, Tron, Solana and Polygon — before funneling assets through decentralized exchanges. Blockchain traces show the stolen funds were either sent through cryptocurrency mixer Tornado Cash or converted to Bitcoin via THORChain, classic money-laundering techniques according to security analysts.
——This pattern suggests professional hackers rather than opportunistic attackers—— noted a Hacken security researcher in exclusive comments to Cointelegraph.
While BitoPro announced routine maintenance on May 9, users subsequently reported persistent problems withdrawing USDt. The exchange now attributes the breach to an "old hot wallet" vulnerability exposed during a system upgrade, claiming 【sufficient reserves】 remain to cover user assets.
The incident coincides with escalating attacks on crypto platforms, including: • 【$220 million】 Cetus DEX exploit (May 22) • 【$162 million】 recovered through validator intervention • 【$3 million】 Nervos network breach (June 2)
Hacken analysts observed the BitoPro attackers required six hours and multiple attempts to complete their theft, suggesting possible security gaps in access controls. The firm's "Extractor" monitoring system has since flagged similar vulnerabilities in other exchanges.
Facing scrutiny over its delayed disclosure, BitoPro pledged to share new hot wallet addresses for external monitoring. The exchange maintains all trading functions remained operational throughout the incident, with a third-party firm now tracking the stolen funds.
——Access control failures represent the most critical Web3 threat today—— emphasized the Hacken analyst, noting real-time monitoring could prevent similar exploits.