In August 2025, BtcTurk, a Turkish CEX, suffered its second major hack in a little over a year. This time, the attackers stole an estimated $48 million from the exchange’s hot wallets.
Inside the Attack
The 2025 attack on BtcTurk was a less expensive mirror of its June 2024 incident. In both cases, the attacker gained access to the private keys used to manage the protocol’s hot wallets.
With this access, the attackers were able to drain funds from these wallets. In 2024, the CEX lost approximately $55 million, while the more recent incident resulted in approximately $48 million being stolen from the exchange across seven blockchains. These funds were then consolidated into a few different accounts.
After identifying the incident, the BtcTurk team halted deposits and withdrawals on its systems. Initial communications pointed to a “technical issue” with hot wallets but assured users that cold wallets and user funds were safe.
Lessons Learned from the Attack
The BtcTurk hack demonstrates the importance of implementing security best practices for blockchain wallets, especially high-value hot wallets. The CEX suffered two major hacks within the space of 14 months, both involving tens of millions in losses and compromised private keys. The first incident even caused the CEO to leave the company, but apparently didn’t drive significant changes to private key security.
In 2025, attackers have increasingly focused on off-chain security practices, targeting insecure processes, private keys, and backend infrastructure more than before. This means that DeFi projects can’t rely on a smart contract audit alone to protect themselves against multi-million dollar security incidents.
Some key elements of a private key security strategy include:
Multi-Sig Wallets: Relying on a single private key to secure a blockchain account makes for an easy target for an attacker. Multi-sig or MPC wallets require multiple signers to approve transactions, increasing the difficulty of carrying out an attack.
Wallet Value Caps: Blockchain wallets are fairly easy to set up and configure, requiring the user to just generate the necessary keys. Exchanges should split funds across multiple hot wallets to minimize the potential impacts if one is compromised.
Independent Key Storage: Storing private keys for multiple accounts in the same location means an attacker who can access one can access them all, as demonstrated by the multi-chain exploit of BtcTurk’s hot wallets. Private keys should be independently stored and secured to minimize the risk that an attacker can steal more than one.
Halborn can help your organization design and implement security protocols to prevent compromised private keys and other security incidents. Get in touch to speak to one of our security experts.