BtcTurk crypto exchange loses $48 million to hackers - Coinfea

Hackers have struck Turkey’s largest crypto trading platform, BtcTurk, reportedly stealing over $40 million from its hot wallets.

According to reports, the incident is the third incident involving the exchange in the past two years. BtcTurk, among the oldest cryptocurrency exchanges operating in Turkey, confirmed that its attackers had unauthorized access to its hot wallets, allowing them to withdraw funds through several blockchain networks, including Ethereum, Arbitrum, and Polygon.

BtcTurk says the situation is now contained

According to an X post published by blockchain security firm AnChain, the total losses from the incident amounted to $48 million. The stolen assets were eventually consolidated into a single address used for laundering the funds through subsequent transactions. BtcTurk has yet to provide any information about the incident.

However, several news publications and accounts on X claimed the exchange said the breach was contained. The exchange supposedly temporarily stopped withdrawals and started internal investigations alongside technical checks. BtcTurk has assured customers that the majority of user funds were not affected, as most assets are stored offline in cold wallets.

This incident comes on the back of a previous hack incident last August. The exchange confirmed social media claims suggesting that around $38 million had been stolen during another hack. At the time, the company also stated “all security measures were taken” to protect user funds. Dialing back to June 2024, BtcTurk suffered a similar incident that saw $55 million disappear on a whim.

In a post on X during the August incident, BtcTurk said, “During the checks carried out on August 14, unusual movements were detected in our hot wallets. As a precautionary measure, cryptocurrency deposits and withdrawals have been temporarily suspended. They will be reopened once the work is completed.” BtcTurk is a low-score exchange with questionable security features compared to global peers, according to Cryptopolitan’s investigations.

Many of its trading pairs reportedly have low individual trust scores and thin liquidity, and such conditions make it daunting for local crypto users. Security specialists believe that the immediate financial damage from the January hack may not be the end of the threat facing BtcTurk users. According to AnChain, exchange breaches come just before so-called secondary scams, which may exploit fear and confusion among affected customers and trick them further into willingly issuing out their passwords.

Hackers may take advantage of the frenzy and impersonate exchange support teams, send emails or SMS messages, lying to creditors about compensation or refund plans. They could ask recipients to connect their wallets to an external service to verify eligibility, which could turn out to be a phishing platform that drains their funds.