On June 22, 2024, BtcTurk — Turkey's largest cryptocurrency exchange — detected unauthorized activity in its hot wallets. Total losses were reported at approximately $55 million across at least ten tokens, with the largest individual losses on Avalanche, Bitcoin and Ethereum.
What happened
BtcTurk attributed the breach to a compromise of its hot wallets and emphasised that customer assets held in cold storage were unaffected. As is typical for exchange hot-wallet compromises, the underlying cause appears to have been a private-key or signing-server compromise rather than a smart-contract or protocol bug — though BtcTurk did not publish a detailed technical post-mortem.
Within hours of the breach, Binance CEO Richard Teng publicly confirmed that Binance's compliance team had identified and frozen approximately $5.3 million of the stolen funds as they passed through Binance addresses during laundering.
Aftermath
- BtcTurk paused deposits and withdrawals for affected assets and announced full compensation for affected users from corporate reserves.
- Withdrawal services were resumed in phases over the following weeks.
- Outside the $5.3M frozen by Binance, the rest of the funds were laundered through bridges and mixers.
Why it matters
BtcTurk was a small reminder that exchange-to-exchange cooperation is a meaningful recovery channel. Compliance teams at major exchanges flag, freeze and (sometimes) return stolen funds when they cross their detection surface — the difference between a $50M loss and a $44M loss depends on how fast that pipeline operates.
Sources & on-chain evidence
- [01]medium.comhttps://medium.com/coinmonks/top-5-crypto-hacks-of-2024-more-than-2-billion-lost-36crypto-559a481eff9c
- [02]blockchaingroup.iohttps://blockchaingroup.io/compliance-and-regulation/top-10-crypto-losses-of-2024-hacks-frauds-and-exploits/