In May 2025, the Taiwanese cryptocurrency exchange BitoPro fell victim to a cyberattack, resulting in the loss of $11.5 million in digital assets. The breach remained undisclosed until June 2, when blockchain researcher ZachXBT exposed a series of suspicious transactions, prompting BitoPro to confirm the incident.
BitoPro has since released the findings of its internal investigation, revealing that the culprit behind the attack was the notorious Lazarus Group, a North Korean state-sponsored hacking collective infamous for its longstanding campaigns targeting the cryptocurrency sector.
An external cybersecurity firm commissioned by BitoPro concluded that the attack bore hallmarks consistent with Lazarus’s past operations—spear-phishing tactics aimed at deceiving employees and ultimately gaining unauthorized access to internal systems.
Prior to the breach, Lazarus had already successfully lured a BitoPro employee into a phishing trap, leading to the installation of sophisticated malware on the target’s machine. This malware was engineered to evade the company’s antivirus software, endpoint protection solutions, and cloud-based security systems.
Once the malicious software had been deployed, the group observed the employee’s routine activities, waiting for the optimal moment to act without raising red flags within BitoPro’s security operations. The compromised employee was primarily responsible for cloud operations and held administrative access to the company’s Amazon Web Services (AWS) infrastructure.
Ultimately, the attackers bypassed BitoPro’s multi-factor authentication by hijacking the session token during the AWS connection phase. They then linked BitoPro’s AWS environment to their own command-and-control servers and issued malicious commands that were relayed to the servers managing hot wallet transactions.
At approximately 1:00 a.m. on May 9, the hackers initiated what appeared to be legitimate transactions and began siphoning cryptocurrency from BitoPro’s hot wallets to undisclosed addresses. The heist continued until the exchange’s wallet monitoring system flagged the anomaly, triggering an internal alert. BitoPro’s security team quickly intervened and halted the attack.
The breach ultimately cost BitoPro $11.5 million. However, given the scale of its operations, the platform opted to absorb the financial hit entirely, ensuring that no user funds were affected.
This incident once again underscores a sobering truth in cybersecurity: human error remains the weakest link. With groups like Lazarus continuously refining their social engineering tactics, the threat of similar breaches looms ever larger.
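One defensive check for the session-token hijack step in this account, as an added example that is not taken from BitoPro's report: it scans CloudTrail-style records for a temporary credential that starts being used from a second source IP. The records, role name, and key IDs are constructed for illustration; the field names follow the CloudTrail record format.

```python
from collections import defaultdict

# Constructed CloudTrail-style records; none of these values come from the incident.
ROLE = "arn:aws:sts::111122223333:assumed-role/CloudAdmin/alice"  # hypothetical role

def _ev(time, name, ip, agent, key):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userAgent": agent, "userIdentity": {"arn": ROLE, "accessKeyId": key}}

SAMPLE_EVENTS = [
    _ev("2025-01-01T00:50:00Z", "DescribeInstances", "198.51.100.10", "aws-cli/2.15.0", "ASIAEXAMPLEKEY000001"),
    _ev("2025-01-01T00:52:00Z", "GetObject", "s3.amazonaws.com", "s3.amazonaws.com", "ASIAEXAMPLEKEY000001"),
    _ev("2025-01-01T01:00:00Z", "DescribeInstances", "203.0.113.77", "python-requests/2.31", "ASIAEXAMPLEKEY000001"),
    _ev("2025-01-01T01:05:00Z", "ListBuckets", "198.51.100.10", "aws-cli/2.15.0", "ASIAEXAMPLEKEY000002"),
    _ev("2025-01-01T01:06:00Z", "ListUsers", "192.0.2.5", "aws-cli/2.15.0", "AKIAEXAMPLEKEY000003"),
    _ev("2025-01-01T01:07:00Z", "ListUsers", "192.0.2.99", "aws-cli/2.15.0", "AKIAEXAMPLEKEY000003"),
]

def find_reused_sessions(events):
    """Return {accessKeyId: [findings]} for temporary credentials seen from a second IP."""
    first_seen = {}  # key id -> (ip, user agent) of the first caller
    findings = defaultdict(list)
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        ip = ev.get("sourceIPAddress", "")
        # Scope: STS-issued temporary credentials only (ASIA prefix). Skip calls that
        # AWS services make on the principal's behalf, which log a service hostname.
        if not key.startswith("ASIA") or ip.endswith(".amazonaws.com"):
            continue
        origin = (ip, ev.get("userAgent", ""))
        baseline = first_seen.setdefault(key, origin)
        if origin[0] != baseline[0]:
            findings[key].append({
                "time": ev["eventTime"], "event": ev["eventName"],
                "new_ip": ip, "baseline_ip": baseline[0],
                "agent_changed": origin[1] != baseline[1],
            })
    return dict(findings)

if __name__ == "__main__":
    for key_id, hits in find_reused_sessions(SAMPLE_EVENTS).items():
        for hit in hits:
            print(key_id, hit)
```

A source-IP change alone can be benign (VPN reconnects, NAT pools), so treat a finding as a lead to correlate with user-agent changes and the sensitivity of the calls that follow.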