Skip to main content
Sign in

BitoPro

avoid.net/bitopro38/100·100% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:centralized][src:lazarus-group][src:twt-fiat][src:hot-wallet][src:spot-trading][src:exchange][src:zachxbt][src:bitogroup][src:disclosure-delay][src:north-korea][src:aml-violation][src:taiwan][src:fsc-regulated][src:vasp][src:hack]
anchored·46hL5g…t3cY

Summary

BitoPro is a Taiwanese centralized cryptocurrency exchange operated by BitoGroup, serving over 800,000 users with TWD (New Taiwan Dollar) fiat on/off-ramps. On May 8, 2025, the exchange suffered an approximately $11.5 million hot wallet theft attributed to North Korea's Lazarus Group via a social-engineering and AWS-token-hijacking attack. The exchange did not publicly disclose the breach for approximately 25 days, only confirming the incident after on-chain investigator ZachXBT flagged suspicious outflows on June 2, 2025.

Connected Entities

1 entities
Organizations
BitoPro
Relationships
    Have evidence about BitoPro?

    Timeline(6 events)

    2018-01-01

    BitoPro exchange launched by BitoGroup (BitoEX team), providing TWD fiat crypto trading in Taiwan.

    2025-05-08

    Lazarus Group (alleged) exploits BitoPro hot wallets during a routine system upgrade, stealing approximately $11.5 million across Ethereum, Tron, Solana, and Polygon via malware, AWS session token hijacking, and C2-directed withdrawals.

    2025-06-02

    ZachXBT publicly flags approximately $11.5 million in suspicious hot wallet outflows from BitoPro on Telegram, stating the exchange was 'likely exploited.' ZachXBT documents the laundering trail through Tornado Cash, ThorChain, and Wasabi Wallet.

    2025-06-02

    BitoPro confirms the security breach approximately three hours after ZachXBT's public post, stating an 'old hot wallet' was compromised during a system upgrade. The exchange states user funds are unaffected and have been replenished from internal reserves.

    2025-06-03

    Major outlets including Fortune, CoinDesk, and CryptoNews report on the confirmed BitoPro hack. CoinGecko data shows a 21% drop in exchange trading volume following public disclosure.

    2025-06-11

    BitoPro announces completion of external cybersecurity investigation, attributing the attack to Lazarus Group based on TTPs consistent with prior Lazarus operations including SWIFT-system exploits and previous exchange heists.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:centralizedsrc:lazarus-groupsrc:twt-fiatsrc:hot-walletsrc:spot-tradingsrc:exchangesrc:zachxbtsrc:bitogroupsrc:disclosure-delaysrc:north-koreasrc:aml-violationsrc:taiwansrc:fsc-regulatedsrc:vaspsrc:hack

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet

    generated: 5/4/2026, 4:05:05 PM

    last updated: 5/26/2026, 4:11:17 AM

    avoid.net — verified advice for a post-truth world