The Taiwanese cryptocurrency exchange BitoPro was hit by a cyberattack by the North Korean hacking group Lazarus that resulted in the theft of $11,000,000 worth of cryptocurrency. The attack occurred during a hot wallet system update, which allowed the attackers to make unauthorized withdrawals across multiple blockchains. The stolen funds were laundered through decentralized exchanges (DEXs) and mixers. BitoPro's investigation confirmed no internal involvement; the attackers used social engineering and malware to hijack AWS session tokens and gain control over the cloud infrastructure. The company detected the compromise and shut down the hot wallet system, but the theft had already occurred.
TPRM report: https://scoringcyber.rankiteo.com/company/bitogroup
"id": "bit301062025",
"linkid": "bitogroup",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Taiwan',
                        'name': 'BitoPro',
                        'size': 'Over 800,000 registered users',
                        'type': 'Cryptocurrency Exchange'}],
 'attack_vector': 'Social Engineering, Malware Implant, AWS Session Token '
                  'Hijacking',
 'date_detected': '2025-05-08',
 'date_publicly_disclosed': '2025-06-02',
 'date_resolved': '2025-06-11',
 'description': 'The Taiwanese cryptocurrency exchange BitoPro claims the '
                'North Korean hacking group Lazarus is behind a cyberattack '
                'that led to the theft of $11,000,000 worth of cryptocurrency '
                'on May 8, 2025.',
 'impact': {'financial_loss': '$11,000,000',
            'systems_affected': ['Hot Wallet System']},
 'initial_access_broker': {'backdoors_established': True,
                           'entry_point': 'Social Engineering, Malware Implant',
                           'high_value_targets': ['Cloud Infrastructure']},
 'investigation_status': 'Completed',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Social engineering attack leading '
                                           'to malware implantation'},
 'references': [{'source': 'BitoPro'}],
 'response': {'containment_measures': ['Shut down hot wallet system',
                                       'Rotated cryptographic keys'],
              'law_enforcement_notified': True,
              'third_party_assistance': ['External Cybersecurity Expert']},
 'threat_actor': 'Lazarus Group',
 'title': 'BitoPro Cryptocurrency Exchange Hack',
 'type': 'Cyberattack',
 'vulnerability_exploited': 'Cloud Infrastructure Security'}