Taiwan-based crypto exchange BitoPro is under scrutiny following reports of a major security breach that led to over $11.5 million in digital assets being siphoned from its hot wallets.
The incident, which reportedly occurred on May 8, 2025, has not been officially acknowledged by the exchange, raising questions about transparency and user safety in the wake of growing threats in the crypto space.
On-Chain Traces Point to Coordinated Drain of Multi-Chain Assets
Blockchain investigator ZachXBT, known for his meticulous tracking of digital asset exploits, brought the issue to light. According to his findings, the unauthorized transfers spanned across Ethereum, Tron, Polygon, and Solana—all ecosystems where BitoPro maintains liquidity and wallet activity.
The stolen assets were quickly funneled into decentralized exchanges (DEXs) and subsequently converted or bridged, with some moved through Tornado Cash, a crypto mixer often associated with anonymizing illicit transactions. Additional funds appear to have been routed to Bitcoin via THORChain, further complicating traceability.
Also Read: Uphold Exchange Addresses XRP Army With New Report for the Week
“Weeks later, BitoPro still hasn’t made any public disclosure on X or Telegram,” ZachXBT stated in a post.
Despite user speculation and the mounting evidence of a breach, BitoPro has yet to issue any formal confirmation, nor has it addressed growing user concerns related to asset safety and withdrawal issues.
Interestingly, the day after the suspected breach, BitoPro initiated a platform maintenance window on May 9, which it claimed to have resolved within the same day. However, users have since reported inability to withdraw USDT and other tokens, suggesting that operational limitations may still be in place, possibly linked to the hack.
Efforts by several media outlets to obtain a response from BitoPro have reportedly gone unanswered.
Larger Pattern of Exchange Exploits in 2025
This latest incident reflects a broader and troubling trend in 2025, where centralized and decentralized platforms alike have become prime targets for sophisticated attacks.
Recently, decentralized exchange Cetus was exploited for more than $220 million, though a majority of the funds, approximately $162 million, were later recovered and returned following a governance proposal passed on May 30.
These attacks highlight a critical vulnerability in the digital asset ecosystem: the security of hot wallets, which remain connected to the internet and are often the first point of contact for hackers looking to drain funds quickly and anonymously.
Regulatory Pressure Mounts Amid Industry Silence
BitoPro’s failure to publicly acknowledge the breach has not gone unnoticed. The silence is prompting criticism from both users and regulatory observers. In Taiwan and across Asia, regulators are pushing for stronger disclosure rules for crypto exchanges, especially in incidents involving customer funds.
Without clarity from the exchange, customers are left in the dark about whether their assets are safe or what steps, if any, BitoPro is taking to mitigate future risks. As of now, the company’s terms of service do not clearly outline a protocol for addressing loss of funds due to external exploits.
36crypto Takeaway: The Cost of Silence in a Transparent Ecosystem
The case of BitoPro underscores a critical weakness in crypto operations: a lack of proactive communication during crises. While decentralized technologies aim to promote transparency, centralized entities like BitoPro still hold centralized control over information flow. This creates a tension in trust, especially when millions are at stake.
As regulators increase oversight and users demand accountability, incidents like this may force exchanges to adopt mandatory breach disclosure policies, similar to those seen in traditional finance and cybersecurity.
Until then, BitoPro’s silence serves as a cautionary tale: in an industry that runs on trust, transparency is not optional—it’s survival.
Also Read: Pi Network Set to Explode? 60M Users Push for Binance and Coinbase Listing
