Share this article
Taiwanese Crypto Exchange BitoPro Likely Hacked for $11M in May, ZachXBT Says
On-chain sleuth ZachXBT reports that BitoPro suffered a suspected $11.5 million exploit on May 8, with stolen funds laundered through Tornado Cash and Thorchain.
Updated Jun 2, 2025, 1:50 p.m. Published Jun 2, 2025, 7:13 a.m.
What to know:
- Taiwanese cryptocurrency exchange BitoPro reportedly lost over $11.5 million in a May 8 exploit involving unauthorized access to its hot wallets.
- The stolen assets were laundered through privacy protocols and eventually moved to a Bitcoin mixing service.
- BitoPro has not publicly acknowledged the breach, citing system maintenance as the reason for a temporary service suspension.
Taiwanese cryptocurrency exchange BitoPro is suspected to have lost over $11.5 million worth of tokens in a May 8 exploit, widely-followed blockchain sleuth ZachXBT said in his Telegram group on Monday.
The exploit involved unauthorized access to BitoPro's hot wallets across multiple blockchains, including Ethereum, Tron, Solana, and Polygon.
STORY CONTINUES BELOW
The stolen assets were then sold on decentralized exchanges, with proceeds laundered through privacy protocols such as Tornado Cash and Thorchain, and eventually moved to Wasabi Wallet, a Bitcoin mixing service.
BitoPro has not issued any public statements acknowledging the breach since the supposed explicit. Users were informed of a temporary service suspension due to "system maintenance” last month, and there was little social chatter in popular crypto X circles around the incident at the time.
“BitoPro has yet to formally disclose the incident on X or Telegram and told users the exchange was just offline for "maintenance,” ZachXBT said.
BitoPro has been based in Taiwan since 2018 and is operated by BitoGroup. It is mostly focused on the local market and mainly supports Taiwanese dollar (TWD) fiat pairs for major tokens such as bitcoin , ether and others.
It processed over $20 million in trading volumes in the past 24 hours, data shows, and is the top locally-focused exchange by that metric.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
New React bug that can drain all your tokens is impacting 'thousands of' websites
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
What to know:
- A critical vulnerability in React Server Components, known as React2Shell, is being actively exploited, putting thousands of websites at risk, including crypto platforms.
- The flaw, CVE-2025-55182, allows remote code execution without authentication and affects React versions 19.0 through 19.2.0.
- Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
Top Stories
