A significant cybersecurity breach has occurred at the Turkish cryptocurrency exchange BTCTurk, resulting in the theft of approximately $48 million from its hot wallet. The attack, uncovered by Cyvers Alert, involved the transfer of assets across multiple blockchain networks, including Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, and Polygon. Initial signs of the breach were detected through a series of suspicious withdrawals that triggered alerts from monitoring systems. The hacker has been continuously extracting new tokens, indicating ongoing exploitation of the compromised wallet.
The stolen assets comprised a diverse range of digital currencies, such as ETH, SOL, and various Layer 2 tokens. After initially withdrawing from Ethereum and Solana, the attacker began targeting BNB Chain assets and executing trades on PancakeSwap. The hacker notably used MetaMask swaps to efficiently consolidate assets into ETH, demonstrating the rapid transaction capabilities within crypto ecosystems. Despite the exchange halting user deposits and withdrawals, the compromised wallet continued to transfer assets to the attacker’s addresses, indicating complete control over the hot wallet.
The stolen funds were initially distributed across two Ethereum ecosystem wallets and one Solana wallet. The Solana wallet, active since June, exhibited unusual activity post-attack, including a transfer to an address labeled “PNUT Whale.” It received a mix of tokens before further transfers. The final known Solana address holds $6.09 million in assets, mainly in stablecoins and liquid meme tokens.
Most of the stolen assets, over $34 million, were consolidated into two Ethereum-based wallets. The first wallet contained more than $17.5 million in ETH and smaller amounts from top Layer 2 chains, while the second held $16.8 million in ETH and niche tokens. The attacker appears to be preparing for further value extraction through decentralized exchanges, as no traceable mixing activity has been observed so far.
This incident occurs amid a recent increase in crypto exchange attacks since July 2025. Unlike previous breaches that often targeted smart contracts or decentralized projects, this case underscores the vulnerability of centralized hot wallets, which, while operationally convenient, pose significant security risks. BTCTurk, which processes around $300 million in daily trading volume, has faced criticism for its limited security features and low trust scores across many trading pairs.
Market reactions have been mixed, with BTC dropping to around $118,000 and ETH falling to $4,539.83 following the news. The aggressive swapping of tokens like OP into ETH also contributed to sharper declines in those assets. Analysts suggest that while the direct market impact seems limited, the incident will likely fuel discussions on regulatory and operational standards in the crypto industry.
