Unverified Bitkub ‘Hack’ Claims Spark Social Media Panic as Experts Point to Phishing
Thai regulators find no evidence of a system-wide breach at Bitkub, suggesting user losses are likely due to individual scams rather than a structural hack
- Social media reports alleging a major hack at the Bitkub crypto exchange have sparked panic among users, with some claiming significant losses.
- Despite the online panic, Thai regulators and official investigations have found no evidence of a systemic breach or an attack on the exchange's core infrastructure.
- Experts and the exchange suggest that the reported losses are likely the result of individual account compromises through methods like phishing scams, not a platform-wide hack.
- The situation is officially classified as "unverified user allegations," as neither Bitkub nor financial authorities have confirmed a security compromise.
Thai regulators find no evidence of a system-wide breach at Bitkub, suggesting user losses are likely due to individual scams rather than a structural hack.
A wave of anxiety has swept through Thailand’s digital asset community following viral social media reports alleging that Bitkub, the nation’s largest cryptocurrency exchange, has suffered a major security breach.
Despite claims from several users of losses ranging from hundreds of thousands to millions of baht, official sources and regulators have yet to confirm any structural "hack" of the platform.
The rumours began circulating earlier this week, with users sharing screenshots of emptied wallets and urging others to move their assets into Cold Wallets—offline storage devices that provide a primary defence against malware and phishing.
No Evidence of Systemic Breach
Investigations by Post Today and relevant regulatory bodies suggest that the panic may be premature. A source from the regulatory sector confirmed that while they are actively monitoring the situation, there is currently no evidence of a systemic failure.
"We have not found any data to support the claim of an attack on the exchange's core infrastructure," the source stated. "Should a broad-scale irregularity be discovered, a formal public warning will be issued immediately."
Bitkub has consistently maintained that its security protocols meet international standards, including the strict segregation of client assets.
Historically, the platform has noted that individual losses are almost always linked to "external factors" such as:
Phishing: Victims inadvertently entering credentials into fraudulent websites or apps.
Social Engineering: Scammers manipulating users into handing over private keys or security codes.
Malware: Malicious software on the user’s own mobile or desktop device.
Understanding the Difference: Individual vs Infrastructure
Cybersecurity analysts are urging the public to distinguish between an account compromise and an exchange hack.
A structural exchange hack—such as the historic $1.5 billion breach of Bybit—is a global news event that involves the penetration of a platform’s hot wallets or APIs. These events are impossible to hide and impact the entire user base.
Conversely, an account compromise targets a single individual through human error or poor password hygiene.
According to industry risk reports for 2025–2026, while technical vulnerabilities in APIs do exist, the vast majority of personal financial losses in the crypto space are the result of private key theft and sophisticated phishing campaigns.
Verified Status: 'User Allegations'
At present, the situation remains categorised as "unverified user allegations." There is no official documentation from Bitkub or the Securities and Exchange Commission (SEC) suggesting that the platform’s security has been compromised.
Experts continue to recommend that investors use multi-layered authentication (2FA) and move long-term holdings to cold storage to mitigate the persistent threat of cybercrime in the global crypto industry.
