HOYA BIT hot wallet attacked! Emphasizing user asset security, responds again to three major community questions

Taiwan Cryptocurrency Exchange HOYA BIT Confirms Hot Wallet Attack, Abnormal Fund Withdrawals Occurred. The official emphasizes that 85% of user assets are stored in cold wallets, ensuring fund security. Systems have now been reinforced and operations have resumed normally.

On-chain data shows abnormal cash flow; HOYA BIT confirms hot wallet attack

Early this morning, an on-chain analyst on Threads observed that a wallet address associated with a specific exchange (address start: 0xBA5cfbc) exhibited abnormal activity. Within a very short period, the balance plummeted, suspected to be an attack. A total of 147 transactions were consecutively transferred out, amounting to approximately 1 million USD, raising community concerns about the exchange’s security.

Image source: Arkham On-chain data shows abnormal cash flow; HOYA BIT confirms hot wallet attack

In response to community concerns, Taiwan-based cryptocurrency exchange HOYA BIT confirmed earlier today that during routine operations yesterday, some hot wallets exhibited abnormal withdrawal activity. The official stressed that this attack only involved the platform’s own assets in hot wallets and did not affect user assets’ safety.

HOYA BIT Restores Timeline: Service Suspended to Block Attack Path

HOYA BIT disclosed in a statement that upon discovering the anomaly, the security team immediately activated emergency response measures. Since user withdrawals must go through hot wallets, to thoroughly block the attack path and prevent funds from cold wallets being transferred into compromised hot wallets monitored by hackers, the platform decided to suspend all services early yesterday morning.

HOYA BIT stated that during the downtime, the technical team conducted a comprehensive review and reinforcement of the hot wallet architecture, including API key replacement, signing permission adjustments, and backend access reorganization.

The official emphasized that all necessary security measures have now been completed, and the entire platform has resumed normal operations. Meanwhile, the platform has initiated third-party forensic and on-chain tracking investigations, maintaining close contact with law enforcement to ensure proper follow-up procedures.

Image source: HOYA BIT Facebook announcement

HOYA BIT Responds to Users’ Top 3 Concerns

Regarding external concerns about the handling of this incident, HOYA BIT issued a statement earlier today addressing the three main questions: “Is the incident controllable?”, “Are user assets safe?”, and “Why was the announcement delayed?”

HOYA BIT explained that the hacker attack began at 3:00 AM on January 22, 2026. After discovering the anomaly that morning, the team followed internal “Major Incident Handling Procedures” to report the incident, completing notifications to authorities, the Criminal Investigation Bureau, and the Investigation Bureau before noon.

Regarding why there was no immediate public announcement, HOYA BIT responded that since hot wallets are the only withdrawal route, the priority was to maintain the platform to block risks. Considering that attackers might still be monitoring platform activity, releasing information before full protection was in place could have posed greater risks.

Therefore, HOYA BIT chose to conduct repeated testing, investigation, and reinforcement over approximately 18 hours. Only after confirming that the risk was fully isolated did they resume online services and issue a public statement.

HOYA BIT also pledged that the amount of abnormal loss will be absorbed by the company itself. After inventory, no user assets were found to have been withdrawn or leaked. The platform will also provide a third-party security forensic report as proof.

Image source: HOYA BIT Facebook announcement HOYA BIT issued a statement this afternoon addressing the three main concerns of users (screenshot shows part of the content)

Financial Supervisory Commission Tightens Regulations on Cold and Hot Wallet Ratios to Enhance Asset Isolation Security

The incident of abnormal fund outflow from HOYA BIT also highlights the importance of proper custody regulations for virtual assets.

As previously reported by “Crypto City,” the Financial Supervisory Commission (FSC) issued an interpretive statement as early as March 2025, strictly regulating the ratio of cold to hot wallets for virtual asset custodians. The new regulation requires that firms complying with international security standards must store at least 70% of customer assets in cold wallets; if not meeting certain security standards, the cold wallet ratio must be increased to over 80%.

The FSC pointed out that cold wallets, with their offline storage capability, are more effective against cyberattacks compared to online hot wallets, thus strengthening customer asset protection and reducing market risks.

In its statement following this incident, HOYA BIT also specifically mentioned that the platform complies with FSC regulations, storing over 85% of user assets in offline cold wallets, and maintaining separation of user and platform assets. Therefore, during this hot wallet attack, user funds remained secure and unaffected.

• Click here to learn more about** cryptocurrency wallets**** (cold wallets/hot wallets).**