Skip to main content
Sign in
BitoPro1 decision on this page

Audit log

Every state-changing event for BitoPro: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 15:18:31Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,795,121
    sig
    46hL5gFZMhMF…PxEFt3cYexplorer ↗
    hash
    8ei7eG61SeET…TdzM18dssha256 → base58
    verifying row…full verify ↗
    canonical bytes (3433 B) ▸
    {"actor":"system:backfill","investigation_id":"48bd7d95-a2a6-4b73-a470-8c98d947958f","kind":"publish","page_slug":"bitopro","published_at":"2026-05-19T15:18:31.093Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BitoPro","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"BitoPro is a Taiwanese centralized cryptocurrency exchange operated by BitoGroup, serving over 800,000 users with TWD (New Taiwan Dollar) fiat on/off-ramps. On May 8, 2025, the exchange suffered an approximately $11.5 million hot wallet theft attributed to North Korea's Lazarus Group via a social-engineering and AWS-token-hijacking attack. The exchange did not publicly disclose the breach for approximately 25 days, only confirming the incident after on-chain investigator ZachXBT flagged suspicious outflows on June 2, 2025.","timeline":[{"date":"2018-01-01","event":"BitoPro exchange launched by BitoGroup (BitoEX team), providing TWD fiat crypto trading in Taiwan.","source":"","source_url":"https://tradingfinder.com/exchanges/bitopro/"},{"date":"2025-05-08","event":"Lazarus Group (alleged) exploits BitoPro hot wallets during a routine system upgrade, stealing approximately $11.5 million across Ethereum, Tron, Solana, and Polygon via malware, AWS session token hijacking, and C2-directed withdrawals.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/bitopro-exchange-links-lazarus-hackers-to-11-million-crypto-heist/"},{"date":"2025-06-02","event":"ZachXBT publicly flags approximately $11.5 million in suspicious hot wallet outflows from BitoPro on Telegram, stating the exchange was 'likely exploited.' ZachXBT documents the laundering trail through Tornado Cash, ThorChain, and Wasabi Wallet.","source":"","source_url":"https://www.theblock.co/post/356522/zachxbt-flags-suspicious-11-5m-outflows-from-bitopro-exchanges-hot-wallets-says-it-was-likely-exploited"},{"date":"2025-06-02","event":"BitoPro confirms the security breach approximately three hours after ZachXBT's public post, stating an 'old hot wallet' was compromised during a system upgrade. The exchange states user funds are unaffected and have been replenished from internal reserves.","source":"","source_url":"https://fortune.com/crypto/2025/06/03/taiwanese-crypto-exchange-bitopro-confirms-hack/"},{"date":"2025-06-03","event":"Major outlets including Fortune, CoinDesk, and CryptoNews report on the confirmed BitoPro hack. CoinGecko data shows a 21% drop in exchange trading volume following public disclosure.","source":"","source_url":"https://www.coindesk.com/tech/2025/06/02/taiwanese-crypto-exchange-bitopro-likely-hacked-for-usd11m-in-may-zachxbt-says"},{"date":"2025-06-11","event":"BitoPro announces completion of external cybersecurity investigation, attributing the attack to Lazarus Group based on TTPs consistent with prior Lazarus operations including SWIFT-system exploits and previous exchange heists.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/bitopro-exchange-links-lazarus-hackers-to-11-million-crypto-heist/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6d6fc575-23f3-48db-af8b-7f5f2583c9a4
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.