On May 9, 2025, Taiwan-based BitoPro suffered a cryptocurrency theft that forensic findings later said resembled Lazarus Group tradecraft. Attackers socially engineered a cloud operations employee, implanted malware, hijacked AWS session tokens to bypass MFA, reached the hot-wallet host during a wallet upgrade and asset-transfer window, and simulated legitimate transactions to move cryptocurrency.