Massive Disappearance of 27 Million in BigONE Hack, Yet the Most Staggering Aspect of the Cyber Assault Remains
In a shocking turn of events, the crypto exchange BigONE suffered a targeted attack on July 16, 2025, resulting in a loss of approximately $27 million in digital assets across various blockchains. The attack, which went undetected until unusual asset flows triggered internal alarms, highlights the growing concern about infrastructure-focused attacks in the Web3 space.
The attacker exploited a vulnerability in BigONE’s supply chain, specifically a third-party service or software, to gain control of the production environment. This access enabled them to modify the account and risk control logic on the production servers, particularly those managing the hot wallet infrastructure. By bypassing verification and withdrawal controls, the hacker effectively turned legitimate withdrawal processes into unauthorized ones without the need to steal private keys.
BigONE has assured its users that all losses will be covered, and trading and deposits have resumed after security upgrades. However, withdrawals remain paused pending enhanced security reviews. The exchange has activated its internal security reserves, including BTC, ETH, USDT, SOL, and XIN, to restore affected balances.
The stolen funds spanned multiple blockchain networks, including Ethereum, Bitcoin, Tron, Solana, and Binance Smart Chain. Multiple wallet addresses tied to the attacker have been flagged by SlowMist on Ethereum, BSC, Bitcoin, Tron, and Solana. Major platforms like Binance and OKX are monitoring for any suspicious deposits from these addresses.
Users are advised to monitor announcements for wallet reactivations and compensation status. To prevent future incidents, BigONE encourages users to enable 2FA and withdrawal whitelists for transactions. Users are also advised to avoid transferring assets to flagged hacker addresses to prevent blacklisting.
The incident mirrors earlier exploits such as the Harmony Bridge hack and the attack on Ankr's validator infrastructure. A comprehensive inspection of backend server configurations and deployment logic is underway. The hacker could try to launder ETH and USDT through obscure DEXs or bridges, so users are urged to exercise caution.
BigONE has also promised to launch a transparency portal to track compensation and wallet restoration progress. For other affected tokens, the exchange is sourcing liquidity through third-party borrowing to refill the depleted hot wallets.
In a statement, BigONE emphasized that the attack targeted servers tied to account logic and risk control, allowing unauthorized fund withdrawals from the exchange’s hot wallet. Despite the severity, private keys were not exposed or stolen. The exchange has taken immediate action to strengthen its security measures and prevent similar incidents in the future.
- The attack on BigONE's exchange revealed a growing concern about infrastructure-focused attacks on Web3 platforms.
- The hacker exploited a vulnerability in BigONE's supply chain, specifically a third-party service or software.
- By bypassing verification and withdrawal controls, the hacker turned legitimate withdrawal processes into unauthorized ones without stealing private keys.
- BigONE assures its users that all losses will be covered and deposits have resumed after security upgrades.
- The stolen funds spanned multiple blockchain networks, including Ethereum, Bitcoin, Tron, Solana, and Binance Smart Chain.
- Users are advised to monitor announcements for wallet reactivations and compensation status.
- To prevent future incidents, BigONE encourages users to enable 2FA and withdrawal whitelists for transactions.
- The hacker could try to launder ETH and USDT through obscure DEXs or bridges, so users are urged to exercise caution.
- BigONE plans to launch a transparency portal to track compensation and wallet restoration progress.
- In a statement, BigONE emphasized that the attack targeted servers tied to account logic and risk control, allowing unauthorized fund withdrawals from the exchange’s hot wallet, but private keys were not exposed or stolen.
