Hacker hits BTCTurk exchange for $48M in hot wallet exploit

The Turkish exchange BTCTurk is undergoing an exploit affecting multiple chains. The initial estimate of losses is up to $48M. 

The Turkish centralized exchange BTCTurk is the victim of a multi-chain attack. The initial estimate is for $48M in losses from various coins and tokens. Cyvers Alert noticed the attack after a series of suspicious withdrawals from the exchange’s hot wallet, affecting Ethereum, Avalanche, Arbitrum, Base, OP, Mantle, and Polygon. 

🚨ALERT🚨$48M worth of digital assets have been detected in unusual activity across multiple chains involving Turkish exchange @btcturk

About 30 minutes ago, our system detected multiple alerts across $ETH, $AVAX, $ARB, $BASE, $OP, $MANTLE, and $MATIC networks. Most funds were… pic.twitter.com/ss4a7O2hUd

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) August 14, 2025

The hack may still be ongoing, with other sources estimating up to $50M in losses. The hacker continued to receive new tokens every minute. After the initial hack on ETH and SOL, the attacker is also taking BNB Chain assets and trading through PancakeSwap. Through one of the wallets, the hacker is also using the expensive but fast MetaMask swaps to move more funds into ETH. 

Despite the fact that the exchange halted deposits and withdrawals for users, the compromised wallet keeps sending tokens to the attacker’s addresses. The hacker may have full control of the hot wallet, which allows them to access assets from within. 

BTCTurk is a low-score exchange with limited security features, where most of the trading pairs have low individual trust score and liquidity. The market operator handles around $300M in volumes, of which 75% against the Turkish lira.  

The centralized exchange attack arrived after a pickup in hacking cases since July, as Cryptopolitan reported. Most of the recent hacks affected smart contracts and decentralized projects, with fewer attacks targeting exchange hot wallets. 

BTCTurk hacker tries to launder funds

The proceeds from the hack were sent to two Ethereum ecosystem wallets and another one on Solana. The Solana wallet was created 56 days ago and has shown activity since June. 

The Solana wallet also performed puzzling operations after the hack, moving funds to another wallet tagged as “PNUT Whale.” 

The initial attack wallet received MELANIA, TRUMP, PYTH, WIF, PENGU, PUMP, and SOL, before sending the tokens to another wallet, using the PNUT Whale wallet as an intermediary. 

In the end, the assets from Solana were parked in the last known address, with a total balance of $6.09M. 

The hacker now holds highly liquid meme tokens, SOL, and stablecoins. Those tokens may be swapped on DEX, but not mixed without a trace. 

BTCTurk hacker mostly holds ETH

ETH made up the bigger part of the recent hack, with over $34M spread into two Ethereum-based wallets. The first wallet contained more than $17.5M in ETH, along with smaller hauls from the top L2 chains. 

The second wallet held upward of $16.8M in ETH, L2 tokens, and smaller niche chains like Mantle and Moonbeam. The BTCTurk exchange trades multiple small-scale tokens, making up over 70% of all volumes. 

To consolidate the funds, the hacker immediately swapped out most minor assets into ETH.

The crypto market is also suffering a slide, with BTC sliding to the $118,000 range, just hours after its all-time record above $124,000. ETH sank to $4,539.83, while SOL sank to $194. Some of the affected tokens like OP had a sharper drop as they were swapped out aggressively into ETH.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.