This June started with another multimillion-dollar crypto exchange hack, while a major crypto platform said it thwarted an attack by North Korean hackers.
Today, the BitoPro exchange confirmed that its “old hot wallet” was recently attacked during a wallet system upgrade. The company didn’t disclose any dates or losses, only saying that assets were secured by moving them to new wallets and blocking the attacker.
“BitoPro’s virtual asset reserves are ample, and user assets remain completely unaffected. Since the incident, all deposit, withdrawal, and trading functions have continued to operate normally,” the company said.
Popular blockchain sleuth ZachXBT was the first to report the hack, saying that on May 8th, the exchange was likely exploited for around $11.5 million.
“Hot wallets on Tron, Ethereum, Solana, Polygon, etc. saw suspicious outflows where assets were market-sold via [decentralized exchange],” he said on his Telegram channel, adding that the stolen funds were then deposited to the Tornado crypto mixer in an attempt to cover their tracks, or bridged to Bitcoin via the Thorchain platform and deposited into the privacy-focused Bitcoin wallet, Wasabi.
According to Coingecko.com data, the 24-hour trading volume on BitoPro reached almost $26 million.
Meanwhile, in a separate story, another crypto exchange, derivatives giant BitMEX, said it had managed to thwart an attempted attack by North Korea–state-sponsored hackers from the Lazarus Group after a BitMEX employee was contacted through LinkedIn for a potential “NFT Marketplace” project collaboration.
“After some back and forth with the attacker, our employee was invited to a private GitHub repository which contained code for a Next.js/React website. The goal was to make the victim run the project, which includes malicious code, on their computer,” BitMEX said.
According to them, this Lazarus Group campaign shows a stark contrast between their entry-level phishing strategies and advanced post-exploitation techniques.
Your email address will not be published. Required fields are markedmarked