BtcTurk Hack — August 14, 2025 (second incident)
What Happened
On August 14, 2025, BtcTurk — Turkey's second-largest cryptocurrency exchange — suffered its second major hot-wallet breach in 14 months. Approximately $48–51.7M in digital assets compromised in a coordinated multi-chain attack.
Root Cause: Hot Wallet Compromise (multi-chain)
• Suspicious activity first flagged by Cyvers blockchain security firm
• Drain spanned 7 networks: Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, Polygon
• Attacker consolidated funds into 2 addresses before rapid liquidation via decentralized exchanges
• Pattern mirrored the June 2024 incident ($54M, see folder 058_btcturk) — same exchange, same hot-wallet attack vector
Notable Repeat Pattern
• Two major hot-wallet breaches within ~14 months suggests:
• Incomplete remediation of June 2024 vulnerabilities
• Ongoing operational security weaknesses in BtcTurk's hot wallet infrastructure
• Possible same threat actor (Lazarus suspected for June 2024 incident)
Asset Protection
• Majority of customer assets remained in cold storage — unaffected
• Trading services and Turkish Lira transactions continued during the response
Response
• Crypto deposits and withdrawals paused immediately upon detection
• Investigation with on-chain security firms ongoing
• Public statement assured cold-stored customer balances were safe
Significance
• Highlights ongoing CEX hot-wallet security gap, especially at regional exchanges
• Reinforced industry call for wider use of MPC (multi-party computation) wallet management
• Part of 2025 trend: $2.17B+ stolen by July 17 already matching all of 2024
References