• BTCTurk halted crypto transfers after a suspected $48 million exploit hit its hot wallets across several networks.
• The attacker moved stolen assets into Ethereum and liquid tokens with funds traced to two main Ethereum wallets.
• The breach also involved Solana where a tagged wallet called PNUT Whale held meme tokens SOL and stablecoins.

BTCTurk has paused cryptocurrency deposits and withdrawals after a suspected exploit affecting its hot wallets. Blockchain security firms detected irregular fund movements across multiple networks. The breach is estimated to involve over $48 million in stolen assets.

The attack impacted Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, and Polygon networks. Cyvers Alerts first flagged suspicious activity on Thursday. Analysts traced the stolen assets to two main Ethereum wallets. One wallet held over 17.5 million ETH and small amounts of Layer-2 coins. The second contained around 16.8 million ETH alongside tokens from niche networks.

Asset Movement and Conversion Strategy

The attacker quickly converted stolen assets into Ethereum and other liquid tokens. Minor assets on Ethereum were exchanged into ETH to simplify liquidation. This process included using MetaMask swaps, despite higher fees, to move funds faster. Transfers have slowed, but token inflows to the hacker’s wallets continue.

The attacker also operated on Solana. Assets moved through a tagged wallet called “PNUT Whale,” which stored meme tokens, SOL, and stablecoins. This wallet showed activity weeks before the breach. The final Solana balance exceeded $6 million.

BTCTurk Response and Operations

BTCTurk announced that deposits and withdrawals were temporarily halted due to a technical issue with hot wallets. The exchange stated that Turkish lira transactions and crypto trading remain active. However, there has been no official acknowledgement labeling the incident as a hack. The company is expected to release further updates as investigations proceed.

The breach follows a June 2024 incident in which BTCTurk hot wallets were also compromised. Ten different cryptocurrencies were affected in that case. User balances were reportedly protected. Binance later helped freeze $5.3 million connected to the stolen funds.

Ongoing Trend of Crypto Thefts

This latest event comes amid a rise in large-scale crypto thefts since July. Hackers stole $142 million in July across 17 incidents, compared to $111 million in June. While the total is lower than the $266 million stolen in July 2024, the figures remain significant.

Market analysts note that breaches in centralized exchanges occur less often than in decentralized finance. However, the multi-chain nature of this attack shows that exchange hot wallets remain attractive targets for hackers.