BigONE Crypto Exchange Suffers $27 Million Hot Wallet Breach
Seychelles-based cryptocurrency exchange BigONE has confirmed a major security breach that resulted in the loss of over $27 million following a targeted attack on its hot wallet infrastructure.
According to BigONE’s official statement, the exploit was detected in the early hours of July 16 after the platform observed irregular outgoing transactions.
A subsequent investigation revealed that the incident stemmed from a third-party supply chain attack specifically targeting the exchange’s hot wallet.
According to the official statement, the crypto exchange lost 120 BTC, 350 ETH, 1,800 SOL and around 8.54 million USDT across four different networks.
It also lost funds in eight different cryptocurrencies, including DOGE, SHIB and CELR.
The breach was first announced by Blockchain security firm SlowMist, identifying the attack as a supply chain compromise.
A supply chain attack occurs when a malicious code was injected into components of BigONE’s production environment.
This manipulation altered the behavior of servers responsible for account management and risk controls, enabling unauthorized withdrawal of user funds.
Notably, SlowMist reassured users that the exchange's private keys were not leaked during the incident.
ZachXBT Do Not Feel Bad For BigOne
BigONE has stated that it quickly identified and contained the attack path to prevent additional losses.
BigONE has also assured users that it will cover all the losses incurred from this incident, adding that it has activated its internal security reserves to cover the full amount lost.
Deposit and trading services are expected to resume as system integrity is restored.
Additionally, BigONE is working closely with SlowMist to trace the attacker and the flow of stolen assets across blockchain networks.
Interestingly, on-chain investigator ZachXBT have commented on the whole saga saying it does not sympathize with BigONE's losses.
ZachXBT alleged that BigONE has a history of facilitating transactions linked to illicit activities, such as pig butchering, romance, and investment scams.
"I do not feel bad for the team as this CEX processed a good bit of volume from pig butchering, romance, investment scams."
Founded in 2017 in China, BigONE has grown into an international crypto trading platform.
According to CoinGecko data, the exchange processed $684 million in trading volume in the 24 hours preceding the attack.