Taiwanese cryptocurrency exchange BitoPro has attributed a recent $11 million cyber heist to the notorious North Korean hacking group Lazarus, following a sophisticated breach of its systems on May 8, 2025.

In a statement, BitoPro confirmed that hackers exploited an old hot wallet during a system update, stealing assets across Ethereum, Tron, Solana, and Polygon blockchains. The company says the attack methods closely mirror Lazarus’ previous operations, including patterns seen in high-profile SWIFT bank hacks and global crypto exchange breaches.

The attackers infiltrated BitoPro’s cloud infrastructure by infecting a cloud operations employee’s device with malware, hijacking AWS session tokens, and bypassing multi-factor authentication (MFA). Using a command-and-control (C2) server, the hackers injected malicious scripts into the hot wallet system, executing the theft while simulating routine activity to avoid detection.
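A defender-side illustration of the session-token reuse described above, added here as an example and not taken from BitoPro's report. It assumes AWS CloudTrail records are available and flags temporary credentials (access key IDs beginning with `ASIA`) that appear from more than one source IP; the sample events, key IDs and function names are constructed.

```python
from collections import defaultdict

def ev(time, name, ip, agent, key, mfa="true"):
    """Build a minimal CloudTrail-style record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userAgent": agent,
            "userIdentity": {"accessKeyId": key, "sessionContext": {
                "attributes": {"mfaAuthenticated": mfa}}}}

# Constructed events, not from the incident. IPs use documentation ranges.
SAMPLE_EVENTS = [
    ev("2025-01-01T09:00:00Z", "DescribeInstances", "198.51.100.10",
       "aws-cli/2.15.0", "ASIAEXAMPLEOPS000001"),
    # Same session credentials, different network and client: the reuse signal.
    ev("2025-01-01T09:04:00Z", "GetSecretValue", "203.0.113.77",
       "python-requests/2.31.0", "ASIAEXAMPLEOPS000001"),
    ev("2025-01-01T09:10:00Z", "ListBuckets", "198.51.100.10",
       "aws-cli/2.15.0", "ASIAEXAMPLEOPS000002"),
    # AWS services acting on the session's behalf log a service name, not an IP.
    ev("2025-01-01T09:11:00Z", "CreateStack", "cloudformation.amazonaws.com",
       "cloudformation.amazonaws.com", "ASIAEXAMPLEOPS000002"),
    # Long-term key (AKIA prefix): out of scope for session-token reuse.
    ev("2025-01-01T09:12:00Z", "ListUsers", "198.51.100.10",
       "aws-cli/2.15.0", "AKIAEXAMPLEUSER00001", mfa="false"),
    ev("2025-01-01T09:13:00Z", "ListUsers", "203.0.113.5",
       "aws-cli/2.15.0", "AKIAEXAMPLEUSER00001", mfa="false"),
]

def find_reused_sessions(events):
    """Return temporary credentials seen from more than one source IP."""
    ips, agents, mfa = defaultdict(set), defaultdict(set), {}
    for e in events:
        ident = e.get("userIdentity", {})
        key = ident.get("accessKeyId", "")
        ip = e.get("sourceIPAddress", "")
        # Keep only STS session keys; skip calls made by AWS services.
        if not key.startswith("ASIA") or ip.endswith(".amazonaws.com"):
            continue
        ips[key].add(ip)
        agents[key].add(e.get("userAgent", ""))
        attrs = ident.get("sessionContext", {}).get("attributes", {})
        mfa[key] = attrs.get("mfaAuthenticated") == "true"
    return {k: {"ips": sorted(ips[k]), "user_agents": sorted(agents[k]),
                "mfa_flag": mfa[k]}
            for k in ips if len(ips[k]) > 1}

if __name__ == "__main__":
    for key, finding in find_reused_sessions(SAMPLE_EVENTS).items():
        print(key, finding)
```

The flagged session still reports `mfaAuthenticated` as true, because that attribute is set when the session is created and travels with the token; a copied token therefore inherits the MFA status of the original login.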

The stolen assets were quickly laundered through decentralized exchanges (DEXs) and mixing services like Tornado Cash, ThorChain, and Wasabi Wallet.

Though the breach occurred in early May, BitoPro did not publicly acknowledge the incident until June 2, drawing criticism for the delayed disclosure. The company assured users that operations remained unaffected and impacted wallets were replenished using reserves. A full investigation, completed on June 11 with the help of third-party cybersecurity experts, found no insider involvement.

