ATLA WIRE

$27 million gone, no private keys exposed: How the BigONE hack happened

05.08.2025

What was the BigONE $27 million hack?

The Seychelles-based cryptocurrency exchange BigONE confirmed that on July 16, 2025, it suffered a crypto supply chain attack that allowed cybercriminals to drain $27 million from the exchange’s hot wallets. In a sophisticated attack, the hackers compromised the exchange’s production network and gained access to the funds without ever accessing private keys.
BigONE has reported that no private keys were leaked during the exploit. Instead, internal systems were manipulated to permit unauthorized withdrawals across various assets. As confirmed by onchain data, the attackers took 121 Bitcoin, 350 Ether, 9.69 billion Shiba Inu, 538,000 Dogecoin, and other digital assets, including Tether USDt.

“In the early hours of July 16, BigONE detected abnormal movements involving a portion of platform assets. Upon investigation, it was confirmed as the result of a third-party attack targeting our hot wallet.”

BigONE also assured users that the threat was contained and that all customer private keys were secure. It concluded that the vulnerability used in the attack had been identified and closed, removing the risk of further losses.

How the BigONE crypto exchange hot wallet exploit happened

The BigONE exchange hack was different from many of the attacks seen in recent months. Instead of relying on compromised private keys or smart contract vulnerabilities, the attackers targeted weaknesses in the exchange’s back-end infrastructure.
According to HackenProof, a bug bounty platform that connects companies with cybersecurity experts, the exploit started with social engineering. Criminals targeted a key BigONE developer in order to compromise the developer’s device. This gave them unauthorized access and permissions to the exchange.

Tracing the BigONE July 2025 crypto hack funds

Blockchain security firm SlowMist has joined the investigation. The firm is renowned for providing security audits, consultancy and attack investigations. SlowMist's X account confirmed the process the hackers used to steal the funds, then listed the addresses used in the heist on the Ethereum and BNB Chain networks.

Why understanding supply chain attack vulnerabilities is more important than ever

This incident is another dent in the trust that crypto users place in centralized exchanges. In the past, the threat of exchange hacks was often cited in favor of self-custody as a best practice.
  • CoinDCX was hacked for $44 million.
  • Arcadia Finance was exploited for $3.5 million.
  • GMX lost $40 million.
  • Coinbase was exploited for customer data.