North Korean Lazarus Group Hacks BitoPro Crypto Exchange, Stealing $11.5M and Exposing Centralized Exchange Vulnerabilities
Taiwanese cryptocurrency exchange BitoPro suffered a major cyberattack in May, resulting in the theft of approximately $11.5 million from its hot wallets. Joint investigations by BitoPro and cybersecurity experts confirmed that the North Korean state-backed Lazarus Group orchestrated the hack. Attackers used social engineering to compromise a cloud operations engineer’s device, deployed malware, and bypassed multiple security layers, including multi-factor authentication. The breach facilitated unauthorized asset transfers on Tron, Ethereum, Solana, and Polygon networks. Stolen funds were quickly laundered through decentralized services like Tornado Cash, THORChain, and Wasabi Wallet. These tactics mirror previous Lazarus-linked attacks, such as the $1.5 billion Bybit hack from earlier in the year. In response, BitoPro shut down affected wallets, replaced keys, and fortified security systems. Authorities are now conducting a criminal investigation. The incident underscores the persistent security challenges facing centralized crypto exchanges and highlights the evolving threat posed by state-backed hacking groups. This may lead to increased regulatory scrutiny, higher operational costs, and diminished trader confidence in centralized platforms, potentially impacting market risk appetite.
Bearish
The hack on BitoPro by the Lazarus Group exposes ongoing vulnerabilities in centralized crypto exchanges and demonstrates that even seasoned platforms remain targets for sophisticated threat actors. The rapid laundering of stolen funds and similarities with previous large-scale hacks like the Bybit incident highlight escalating risks for centralized platforms. This could increase regulatory oversight and operational costs while undermining trader confidence. In the short term, such incidents often lead to withdrawals, lower trading volumes, and heightened market risk aversion among users. In the long term, persistent security concerns may drive more participants toward decentralized alternatives or prompt further regulations, creating a bearish sentiment around centralized exchanges and possibly the affected tokens.