BitoPro’s $11.5 million hack in May became a textbook example of terrible crisis management. The Taiwanese exchange stayed silent for 25 days after hackers hit during a routine wallet upgrade, stealing Ethereum, Tron, and Solana assets through Tornado Cash. Users freaked out on Telegram while BitoPro blamed “routine maintenance.” ZachXBT finally exposed the truth on June 2, forcing the exchange to admit what everyone suspected. The mess raises bigger questions about crypto transparency.
BitoPro’s $11.5 million hack on May 8 turned into a masterclass in how not to handle a crisis. The Taiwanese exchange got hit during what should have been a routine wallet system upgrade. Ethereum, Tron, and Solana vanished into thin air. The hackers weren’t amateurs either—they laundered the stolen crypto through Tornado Cash like seasoned pros.
$11.5 million disappeared during a routine upgrade while hackers used Tornado Cash to cover their tracks like seasoned professionals.
Here’s where it gets interesting. BitoPro decided to play dumb for 25 days. They blamed “routine maintenance” for service disruptions while users scratched their heads. No transparency, no honesty, just corporate speak and crossed fingers.
Enter ZachXBT, the on-chain detective who doesn’t mess around. On June 2, he flagged suspicious wallet outflows that screamed “HACK” in capital letters. Only then did BitoPro finally admit what everyone already suspected. Twenty-five days too late.
The exchange’s Telegram group exploded with frustrated users demanding answers. BitoPro’s response? “Your funds are safe, trust us.” That’s a tough sell when you’ve just lost $11.5 million and kept quiet about it for nearly a month.
To BitoPro’s credit, they did activate emergency protocols. A third-party cybersecurity firm helped stop the bleeding, and remaining assets got moved to a new wallet. Withdrawals were frozen initially but resumed later. User funds apparently remained untouched, which is something. Despite implementing multi-signature wallets, the platform still proved vulnerable to sophisticated attacks.
But the damage was done. Rumors about BitoPro’s financial stability started swirling. Users questioned whether centralized exchanges like BitoPro could handle crises as well as their decentralized counterparts. The comparison wasn’t flattering. The hackers also moved stolen funds through centralized exchanges to complicate tracking efforts.
The incident highlights a brutal reality: system upgrades are prime time for hackers. Human error and lax security create perfect storm conditions. BitoPro learned this lesson the hard way.
The crypto community’s reaction was swift and unforgiving. Transparency isn’t optional in an industry built on trust. BitoPro’s delayed disclosure felt like a betrayal to users who expected better communication. The incident follows a disturbing pattern, with approximately 20 major crypto hacks recorded in May 2025 alone, totaling $244.1 million in losses.
This hack may attract regulatory scrutiny, which nobody wants. The whole mess could have been avoided with honest, timely communication. Instead, BitoPro chose silence and got burned for it.
