A major cryptocurrency trading platform has been hit by a massive security breach, with hackers draining over $112 million from wallets linked to Bitcoin, Ethereum, Solana, and Avalanche. The full extent of the damage could grow as the investigation unfolds.
The breach came to light late Tuesday after users began reporting unauthorized withdrawals and missing balances. Within hours, on-chain investigators confirmed unusual outflows from the platform’s hot wallets, triggering alarm across the crypto community.
According to cybersecurity experts, the attackers gained access through compromised API keys and weak access controls, allowing them to sign and approve transactions across multiple networks. In response, the platform — which remains unnamed due to ongoing investigations — has suspended all withdrawals and launched an internal audit.
As is common in sophisticated crypto hacks, the stolen assets were quickly converted into privacy coins and bridged across chains, making them harder to track. Tools like Tornado Cash and other mixing protocols were reportedly used to cover the attackers’ tracks.
Here’s What Was Stolen — and How
Preliminary reports suggest the losses were spread across four major blockchain networks:
-
Bitcoin (BTC): $42.3 million
-
Ethereum (ETH): $36.1 million
-
Solana (SOL): $21.4 million
-
Avalanche (AVAX): $12.2 million
Investigators believe the exploit occurred in stages. Hackers first infiltrated internal systems via insecure APIs, then launched a series of batch withdrawals that quickly emptied hot wallets. On-chain monitoring services like PeckShield and MistTrack flagged the suspicious activity within hours, but by then, the majority of funds had already been siphoned off.
Security researchers have identified several points of failure — poor key management, lack of API rate-limiting, and inadequate transaction verification — all of which gave attackers the freedom to move assets undetected.
One particularly troubling discovery was a multisig wallet setup with signer overlap across different chains. This risky configuration gave attackers broader access once they compromised a single signer, enabling them to drain funds across multiple networks.
What Happens Now?
Authorities and blockchain forensic teams are now working together to trace and possibly recover the stolen assets. However, with much of the money already passed through anonymizing tools, the chances of full recovery appear slim.
The affected platform has issued a brief public statement:
“We are aware of the security breach affecting multiple assets. Our team is investigating the situation thoroughly and has engaged leading security firms to assist. User security remains our top priority, and we will provide updates as the investigation progresses.”
This latest incident adds to a growing list of major crypto hacks in 2025, pushing total crypto-related thefts this year to nearly $3.3 billion.
Security experts are once again calling on exchanges and platforms to rethink how they manage sensitive infrastructure, urging the industry to adopt stronger access protocols, hardware-secured wallets, and routine third-party audits.
The message is clear: in a space where billions move at the speed of code, outdated security practices are no longer an option.