Losses exceed $48 million in Turkish exchange BTCTurk theft: Funds traced

Turkish cryptocurrency exchange BTCTurk suffered a hack resulting in over $48 million stolen from multiple on-chain hot wallets. Key details include:

Stolen Funds: Abnormal outflows exceeded $48 million across chains like Bitcoin, Ethereum, Avalanche, Arbitrum, Base, Optimism, and Polygon.
Hacker Addresses: Identified transfer and deposit addresses (e.g., 0xa041feb3..., bc1q3xgy...) were shared for tracking.
Investigation: Beosin Trace tool mapped fund flows on EVM and Bitcoin chains, adding hacker addresses to its blacklist.
Security Gaps: Cause undisclosed, but internal checks on operational security, mnemonic management, and signature devices are needed.
Broader Issue: Exchange hacks persist as a critical Web3 challenge, demanding collaboration among exchanges, security firms, and regulators.

Recently, the cryptocurrency exchange BTCTurk announced that it had been hacked, with over $48 million in funds flowing out of multiple on-chain hot wallets. The Beosin security team analyzed the incident and tracked the funds, sharing their findings below:

The hot wallet addresses where funds have been transferred are as follows:

0xde2faca4bbc0aca08ff04d387c39b6f6325bf82a

0x2cea0297bfb1b55ff37126b677d78e2b1fd2e856

0xb5a46bc8b76fd2825aeb43db9c9e89e89158ecde

Involving chains such as Bitcoin, Ethereum (ETH), Avalanche (AVAX), Arbitrum (ARB), Base (BASE), Optimism (OP) and Polygon (POL).

The following hacker transfer addresses are currently detected:

0xa041feb3a8297c5689fee180083164a061a17fd6

0xb4b537626e21df5386cf167d1e654b38785056cc

0x7d91d1ebeba91257733a523409125aedac5d8b6e

The hacker’s deposit address is as follows:

0x0fe41fe8786329fb6bd8f2baa73aa55e770f0951

0x95ab53305bc71d0e6e2d46f2e62690599cbc87fc

0xddfa0884f32d0d210597a996060fbdb5b068b0ea

bc1q3xgyvmfk6mw6zvhjklsw7v8wl2dk0xtm35ulut

Using the Beosin Trace tool to track the stolen funds, we can obtain the following flow chart of the main stolen funds on the EVM chain and the Bitcoin chain:

 Beosin Trace EVM chain funds analysis chart

 Beosin Trace Bitcoin chain capital analysis chart

The cause of the BTCTurk hot wallet attack remains undisclosed. Investigations and evidence collection are needed to assess the exchange's internal operational security, signature device security, mnemonic phrase management, and signature environment security. Similar exchange security incidents have occurred numerous times before.

Exchange security remains a major challenge in the Web3 ecosystem, requiring continuous efforts and collaboration from exchanges, security companies, regulators, and law enforcement agencies. Beosin Trace has added the hacker addresses associated with this incident to its blacklist and will continue tracking them.