BtcTurk suspends operations amid alleged $49M hot wallet heist – Source: go.theregister.com

Turkish cryptocurrency exchange BtcTurk is halting all deposits and withdrawals amid fears that blockchain bandits succeeded in significantly compromising its hot wallets.

“During our routine checks on August 14, 2025, we detected unusual activity in our hot wallets. As a precautionary measure, we have temporarily suspended all cryptocurrency deposit and withdrawal transactions,” it said in a statement.

“The vast majority of digital assets are securely stored in our cold wallets, which remain unaffected. Thanks to BtcTurk’s solid financial position and security measures, customer assets are safe and secure. Trading activities on our platform continue without interruption.

“Our technical teams are conducting a detailed investigation, and we will provide further updates through our official channels as necessary.”

Experts at blockchain security and data analytics company PeckShield told The Register they initially suspected that the private key for the exchange’s hot wallets may have been leaked.

For the uninitiated, hot wallets refer to software-based tools that crypto enthusiasts can use to manage their tokens. They’re protected by seed phrases and private keys, but are also connected to the internet, which increases the risk that they could be taken over. 

Cold wallets usually take the form of a piece of hardware, such as a thumb drive, and carry a wallet’s private keys. They swap convenience for security, and are often used to store the most valuable assets.

For an exchange like BtcTurk, both are required to facilitate normal business. There must be enough funds in the hot wallet to support regular transactions and user demands, while cold wallets must be used to store the majority of its assets.

BtcTurk’s total losses, which are available for public examination, appear to be in the $49 million region, spread across various tokens.

PeckShield said it believes that at the time of the exchange’s announcement, the attacker behind the wallet raid had begun exchanging tokens – changing blockchains to obfuscate analysis and make tracing the stolen tokens more tricky.

At the time of writing, around half of the total stolen appeared to have been exchanged to Ethereum, it claimed, with analysts said the exchange will have difficulty recouping the lost funds.

Asked about the likelihood of BtcTurk being able to recover the crypto tokens, Xuxian Jiang, founder and CEO at PeckShield, said: “The BtcTurk team will need to negotiate with the hacker. Based on previous experience, the chance may be low, though.”

BtcTurk is not one of the more well-known exchanges in the Western world, but according to BtcTurk’s Google Play app listing, the platform boasts a sizable following with more than 6 million registered users.

Web3 is going great

Given the potential for a big payday, attackers are known to routinely target crypto exchanges in search of a hefty wallet to drain.

North Korea is a particularly coin-hungry regime, and when it isn’t implanting techies into the US workforce, there’s a good chance that members of its state-backed crew are trying to break into a big exchange, although there is nothing to suggest it was behind the attack on BtcTurk.

It was fingered for five major heists in 2024, however, worth a reported $659 million that authorities suspect will be funneled into its military, and a little into the Supreme Leader’s own pocket too, no doubt.

• CoreWeave CFO: $25B raised in debt and equity in 18 months
• Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks
• X’s new ‘encrypted’ XChat feature seems no more secure than the failure that came before it
• RSA cofounder: The world would’ve been better without cryptocurrencies

That was just a warm-up, though, because its biggest hit came earlier this year when it attacked Dubai-based Bybit. That single raid was worth an estimated $1.5 billion.

Elsewhere, 2024 was a big year for crypto thefts, from supply chain attacks at LottieFiles to hits on major industry players like Monero and Atomic Wallet, the latter being another certified NORK job.

That same year, researchers at Check Point issued a call to wallet providers to shore up their security after it pointed to growing numbers of attacks exploiting Ethereum’s CREATE2 opcode, turning transaction-validating smart contracts against users. ®