On May 8th, approximately $11.5 million in cryptocurrency was withdrawn from the hot wallets of the Taiwan-based crypto exchange BitoPro. Despite 25 days having passed since the incident, the company has not issued an official statement. Users are left trying to understand what transpired amidst the uncertainty, while Blockchain researcher ZachXBT has described the transfers as a “possible attack.” The funds, originating from Tron, Ethereum 
$3,094, Solana 
$139, and Polygon networks, were quickly funneled into Tornado Cash and then bridged to Bitcoin 
$91,081 via Thorchain, finally ending up in Wasabi wallets. Blockchain data indicates that the trail of the funds was obscured almost instantaneously.
Behind the $11.5 Million Suspicious Fund Withdrawal
Data from Blockchain monitoring platforms reveal that the initial movement began with a “test withdrawal” of 23,000 USDT, followed by the transfer of hundreds of thousands of dollars from hot wallets to cold wallets. The transferred funds were soon split and moved through cryptocurrency mixer services, effectively making it difficult to trace them and foiling attempts at freezing the assets. Experts highlight that the Tornado Cash-Thorchain-Wasabi route has become a “classic escape path,” increasingly adopted in Asia-centric attacks.
According to ZachXBT, the attacker or attackers executed transactions with an average interval of fifteen seconds during inter-network transfers. This tactic prevented analytical tools from detecting correlations on the Blockchain. Although the sum of $11.5 million may seem relatively modest, it represents a significant portion of the hot wallet liquidity for many exchanges.
BitoPro’s Silence Alarms Users
The incident’s circulation on social media and community channels spurred rumors of panic selling. The exchange’s only communication, a brief statement on its official Telegram account reading “We will respond collectively,” led many users to move their funds to external wallets.
Legal experts note that new transparency metrics prepared by Taiwanese regulators for cryptocurrency exchanges aim precisely to reduce such silences.
Security analysts recall Bybit’s $1.4 billion attack earlier in the year, which involved a similar crypto mixer-bridge-P2P route, with 27% of the funds disappearing without a trace. In the Bybit case, the involvement of the North Korea-backed Lazarus Group was identified, while the perpetrator in the BitoPro incident remains unidentified. However, the similarity in the tactics suggests the involvement of a professional team operating in the region. Experts emphasize that any platform failing to strengthen its “hot wallet-cold wallet balance” could face similar risks.
