BitoPro, Taiwan’s second-largest cryptocurrency exchange, was the target of a cyberattack on May 8, resulting in an estimated loss of NT$345 million (US$11.5 million), according to blockchain analyst ZachXBT.
The Financial Supervisory Commission (FSC) confirmed the breach and announced it would require BitoPro to issue an official statement addressing the incident. BitoPro’s parent company, Bito Group, assured users that their assets and rights would remain protected and unaffected by the attack.
ZachXBT’s on-chain analysis revealed that the attackers exploited multiple blockchains, including Tron, Ethereum, Solana, and Polygon. After the theft, the stolen funds were funneled through centralized exchanges or third-party digital asset platforms for liquidation.
The hackers also utilized mixing services, such as Tornado Cash, to obfuscate the origin and destination of the stolen assets, and employed Thorchain for cross-chain transfers to move the funds into the Bitcoin network. Subsequently, the funds were deposited into privacy-focused wallets like Wasabi.
Blockchain technology, which underpins cryptocurrency transactions, is known for its decentralized and secure database. It stores data across interconnected blocks, creating an immutable and transparent ledger. According to Binance Academy and Amazon Web Services (AWS), this structure prevents unauthorized changes to transaction records, making it an ideal tool for tracking digital assets.
Mixers, or privacy-enhancing services, help mask the identity of senders and receivers on public blockchains like Bitcoin and Ethereum. While these services can protect user privacy and have gained support from some proponents, they are often linked to money laundering activities and face increasing scrutiny from regulators worldwide.
BitoPro stated that the breach occurred during an upgrade of its wallet system and asset transfer process, with the hackers targeting an outdated hot wallet. Hot wallets, which are connected to the internet for quick access, are more vulnerable to cyberattacks compared to cold wallets, which are offline and considered more secure.
Upon detecting the intrusion, BitoPro immediately transferred its assets to a new wallet and blocked further unauthorized access. The platform has enlisted a third-party cybersecurity firm to investigate the breach and monitor ongoing activities.
BitoPro reassured users that all platform services, including deposits, withdrawals, and trading, remained fully operational.
Additionally, BitoPro plans to publicly disclose the new hot wallet address for user verification. The company emphasized that the majority of its assets are stored in cold wallets, which were not impacted by the attack.
The Financial Supervisory Commission clarified that Bito Group is responsible for the financial losses caused by the hack and is prohibited from passing the costs onto users. The commission also underscored the importance of timely reporting major incidents and pledged to oversee improvements in the security measures across the industry.
Related Topics:
Optimism for Hong Kong Stablecoins Amid High Compliance Costs
House Introduces New Bill to Regulate Cryptocurrency
Bitcoin and Ethereum Surge: Key Factors Behind the Price Jump
