BitoPro $11.5M incident – ZachXBT exposes new security failures and points to a cover-up by the exchange. He shares data on suspicious transactions from BitoPro’s hot wallets that potentially support his claims of a concealed security breach.
More on the BitoPro Incident and ZachXBT’s Findings
As you may recall, ZachXBT often plays a key role in uncovering security incidents–he was even publicly thanked by Bybit for his efforts. Actually, I also recommend looking into the details of that attack and whether Bybit actually proved to be secure.
But this was not the kind of case we saw with Bybit – where the breach and recovery process the whole industry watched live, starting with the initial announcement and followed by fund recovery and restored liquidity.
According to ZachXBT’s investigation, approximately $11.5 million was drained from the platform’s hot wallets on May 8. The compromised assets spanned several networks, including Tron, Ethereum, Solana, and Polygon.
He also provided a clear visualization mapping the flow of funds. The assets were routed through a chain of crypto mixers to obfuscate the trail, specifically moved through Tornado Cash, Thorchain, and then into Wasabi.
ZachXBT flagged a set of suspicious transactions, but more importantly, he accused the exchange of suppressing the incident. Based on his data, the exploit traces back to May 8 and, as he pointed out, was not accompanied by any public communication from the platform.
And that matters – regardless of how credible ZachXBT’s investigations are, without an official statement from the platform, the incident cannot be definitively confirmed or denied.
Conclusion
It’s a no-win situation for BitoPro – staying silent so long results in reputational damage by omission. Acknowledging this, on the other hand, would mean reputational damage both from the incident itself and from the fact it was initially concealed. We’ll be watching closely to see whether BitoPro’s next moves.
