BtcTurk Hack

On August 14, 2025, BtcTurk—Turkey’s second-largest CEX with 7M+ users—lost ~$48M in a multi-chain hot wallet compromise mirroring its June 2024 $55M breach, where attackers accessed private keys to drain ETH, AVAX, ARB, BASE, OP, MANTLE, and MATIC assets from hot wallets, consolidating into two addresses before swaps via MetaMask. Cyvers flagged unusual outflows 30min pre-alert; BtcTurk suspended crypto deposits/withdrawals (trading/fiat intact), assured cold-stored user funds safe via reserves, and collaborated with CertiK/SlowMist/authorities for tracing (estimates: Lookonchain $23M, CertiK $50M). Amid 2025’s $4.3B H1 losses (Bybit $1.5B dominant), this OpSec repeat—post-CEO exit—exposes key storage flaws, urging multi-sig caps, independent vaults, and behavioral monitoring to cap $48M CEX drains in emerging markets.