BtcTurk

BtcTurk Hack — June 22, 2024

What Happened

On June 22, 2024, BtcTurk — Turkey's largest cryptocurrency exchange — suffered a hot wallet breach resulting in ~$54M in cryptocurrency theft.

Root Cause: Hot Wallet Private Key Compromise

• Attack hit 10 of BtcTurk's hot wallets simultaneously

• Most likely vector: compromised private keys (exact method not publicly disclosed)

• Pattern consistent with social-engineering / spear-phishing of operations team

Attribution: Lazarus Group (DPRK)

• Investigation linked the attack to Lazarus Group

• Over $35M of the stolen funds laundered through Huione Guarantee — a marketplace frequently associated with North Korean money laundering

• 2024 was peak Lazarus year for crypto exchange targeting (Bybit $1.4B, DMM Bitcoin $304M, WazirX $235M, BingX $44.7M, Indodax $25.2M, Phemex $85M, BtcTurk $54M)

Asset Protection

• Majority of BtcTurk's reserves were in cold wallets — unaffected

• Customer balances (the cold-stored portion) covered

• The ~$54M loss was hot-wallet operating capital

Response

• BtcTurk halted withdrawals

• Binance assisted: froze ~$5.3M of stolen funds en route to its platform

• Investigation conducted with Turkish law enforcement

• Operations resumed within a week

Note: Second BtcTurk Hack

A second BtcTurk incident occurred on August 14, 2025 (~$48M-$51.7M, also hot-wallet hack). See folder 060_btcturk for that incident.

References

• https://www.halborn.com/blog/post/explained-the-btc-turk-hack-june-2024

• https://blockchaingroup.io/compliance-and-regulation/top-10-crypto-losses-of-2024-hacks-frauds-and-exploits/

• https://medium.com/coinmonks/the-biggest-crypto-hacks-of-2024-ebf41744a936

• https://www.halborn.com/blog/post/year-in-review-the-biggest-defi-hacks-of-2024