Verify a decision

{"actor":"system:backfill","investigation_id":"48bd7d95-a2a6-4b73-a470-8c98d947958f","kind":"publish","page_slug":"bitopro","published_at":"2026-05-19T15:18:31.093Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BitoPro","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"BitoPro is a Taiwanese centralized cryptocurrency exchange operated by BitoGroup, serving over 800,000 users with TWD (New Taiwan Dollar) fiat on/off-ramps. On May 8, 2025, the exchange suffered an approximately $11.5 million hot wallet theft attributed to North Korea's Lazarus Group via a social-engineering and AWS-token-hijacking attack. The exchange did not publicly disclose the breach for approximately 25 days, only confirming the incident after on-chain investigator ZachXBT flagged suspicious outflows on June 2, 2025.","timeline":[{"date":"2018-01-01","event":"BitoPro exchange launched by BitoGroup (BitoEX team), providing TWD fiat crypto trading in Taiwan.","source":"","source_url":"https://tradingfinder.com/exchanges/bitopro/"},{"date":"2025-05-08","event":"Lazarus Group (alleged) exploits BitoPro hot wallets during a routine system upgrade, stealing approximately $11.5 million across Ethereum, Tron, Solana, and Polygon via malware, AWS session token hijacking, and C2-directed withdrawals.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/bitopro-exchange-links-lazarus-hackers-to-11-million-crypto-heist/"},{"date":"2025-06-02","event":"ZachXBT publicly flags approximately $11.5 million in suspicious hot wallet outflows from BitoPro on Telegram, stating the exchange was 'likely exploited.' ZachXBT documents the laundering trail through Tornado Cash, ThorChain, and Wasabi Wallet.","source":"","source_url":"https://www.theblock.co/post/356522/zachxbt-flags-suspicious-11-5m-outflows-from-bitopro-exchanges-hot-wallets-says-it-was-likely-exploited"},{"date":"2025-06-02","event":"BitoPro confirms the security breach approximately three hours after ZachXBT's public post, stating an 'old hot wallet' was compromised during a system upgrade. The exchange states user funds are unaffected and have been replenished from internal reserves.","source":"","source_url":"https://fortune.com/crypto/2025/06/03/taiwanese-crypto-exchange-bitopro-confirms-hack/"},{"date":"2025-06-03","event":"Major outlets including Fortune, CoinDesk, and CryptoNews report on the confirmed BitoPro hack. CoinGecko data shows a 21% drop in exchange trading volume following public disclosure.","source":"","source_url":"https://www.coindesk.com/tech/2025/06/02/taiwanese-crypto-exchange-bitopro-likely-hacked-for-usd11m-in-may-zachxbt-says"},{"date":"2025-06-11","event":"BitoPro announces completion of external cybersecurity investigation, attributing the attack to Lazarus Group based on TTPs consistent with prior Lazarus operations including SWIFT-system exploits and previous exchange heists.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/bitopro-exchange-links-lazarus-hackers-to-11-million-crypto-heist/"}]},"v":1}