Lazarus Group Suspected in $11M Crypto Heist Targeting Taiwan’s BitoPro Exchange

Taiwanese cryptocurrency platform BitoPro has blamed North Korea’s Lazarus Group for a cyberattack that resulted in $11 million in stolen digital assets. The breach occurred on May 8, 2025, during an upgrade to the exchange’s hot wallet system. 

According to BitoPro, the tactics and methods used by the hackers closely resemble those seen in other global incidents tied to the Lazarus Group, including high-profile thefts via SWIFT banking systems and other major crypto platforms.

BitoPro serves a primarily Taiwanese customer base, offering fiat transactions in TWD alongside various cryptocurrencies. 

The exchange currently supports over 800,000 users and processes approximately $30 million in daily trades.

The attack exploited vulnerabilities during a system update, enabling the unauthorized withdrawal of funds from a legacy hot wallet spread across several blockchain networks, including Ethereum, Tron, Solana, and Polygon. The stolen cryptocurrency was then quickly laundered through decentralized exchanges and mixers such as Tornado Cash, Wasabi Wallet, and ThorChain, making recovery and tracing more difficult. 

Despite the attack taking place in early May, BitoPro only publicly acknowledged the breach on June 2. At that time, the exchange assured users that daily operations remained unaffected and that the compromised hot wallet had been replenished from its reserve funds.

Following a thorough investigation, the

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.