BigONE Exchange Grapples with $27 Million Loss
The cryptocurrency landscape has once again been shaken by a significant security breach. Crypto exchange BigONE has fallen victim to a sophisticated third-party attack, resulting in an estimated loss of approximately $27 million. The incident, which targeted the exchange’s hot wallet infrastructure, underscores the persistent vulnerabilities that plague the digital asset space. News of the hack emerged on July 16th, with BigONE promptly acknowledging the issue and initiating damage control procedures.
Details of the Attack and Immediate Response
BigONE‘s internal monitoring systems flagged the abnormal asset movements, triggering immediate investigation. Their findings confirmed the worst: a third-party actor had successfully breached the exchange’s security protocols. While the exchange maintains that all private keys remained secure, the attacker managed to drain funds from the hot wallet. The team, in collaboration with blockchain security firm SlowMist, has been working diligently to trace the attacker’s wallet addresses and monitor the flow of stolen funds.
Assets Targeted in the Breach
The stolen assets represent a diverse portfolio of cryptocurrencies, including 120 Bitcoin (BTC), 350 Ether (ETH), millions of USDt (USDT) across various blockchains, and significant holdings of altcoins such as CELR, SNT, and SHIB. This breadth of compromised assets highlights the attacker’s strategic approach and potential for maximizing illicit gains. The exchange has pledged to fully cover all losses, assuring users that their assets will be protected.
Security Gaps and Attacker’s Tactics
Blockchain security firm Cyvers offered insights into the likely attack vector. According to their findings, the attackers exploited the platform’s production network, possibly through compromised CI/CD or server management channels. The breach began with the deployment of malicious binaries on account-operation servers, followed by unauthorized withdrawals. The attacker swiftly consolidated the stolen assets into a single external address, likely for laundering purposes. Cyvers also identified several key security gaps that contributed to the incident, including single-point failures in hot-wallet management and insufficient code integrity controls. The attackers converted the stolen funds to WETH/ETH and routed them through various intermediaries.
The Broader Context of Crypto Security Threats
The BigONE hack is a stark reminder of the ongoing challenges in safeguarding digital assets. This incident comes on the heels of other recent exploits, emphasizing a concerning trend. The first half of 2025 has seen over $2.47 billion in losses due to hacks, scams and exploits, a significant increase compared to previous years. As the cryptocurrency market continues to expand, robust security measures are more critical than ever. Exchanges, platforms, and individual users must proactively implement comprehensive security practices to mitigate these risks.
Looking Ahead
BigONE‘s rapid response and commitment to covering user losses are crucial steps in managing the fallout. However, the incident serves as a crucial learning opportunity for the entire crypto community. By understanding the attack vectors, security lapses, and attacker methodologies, the industry can collectively fortify its defenses and safeguard the future of digital finance.
