BigONE has been exploited to the tune of 27M using a hot wallet, but promises to compensate all users.
Server logic was exploited by the attacker; no compromises on the private keys.

On July 16, the Seychelles-based BigONE crypto exchange reported a significant security breach, which occurred following the detection of suspicious activity with the assets of the platform. This firm announced that it was attacked by third parties on its hot wallet and estimated a loss of about 27 million dollars.

Although the attack enabled hackers to take a substantial amount, BigONE assured users that all the private keys have been secured and the hack is contained to avoid more losses. The platform is working with blockchain security company SlowMist to track stolen cryptocurrency across other blockchains, such as Ethereum, Bitcoin, Solana, Tron, and Binance Smart Chain.

Attack Details and Tokens Involved

The attack took advantage of the production network of the exchange by using a supply chain attack to modify business logic on the servers that carried out account and risk controls to allow unauthorized withdrawals without disclosing any private keys. SlowMist described the assault as a compromise of the operating logic rather than a violation of the personal credentials associated with the user.

Tokens lost during the breach include:

120 BTC

350 ETH

Over 9.5 billion SHIB

Approximately 7.1 million USDT across various blockchains

538,000 DOGE

1,800 SOL

20,730 XIN

15.7 million CELR

In addition, there are SNT, LEO, UNI, WBTC and CELR.

Source – X SlowMist_Team

The attacker has transferred funds to a number of addresses that SlowMist is monitoring:

Ethereum & Binance Smart Chain:0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a

Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R

Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm

Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c

Recovery Steps and User Assurance

To replenish the affected balance of the users, BigONE has enabled its internal security reserves of BTC, ETH, USDT, SOL, and XIN. In tokens outside of these, the exchange is sourcing the external liquidity through borrowing systems to stabilize the wallet fast enough.

The deposit and trading functions will soon be restarted in a few hours, but the withdrawal services will continue to be suspended until reasonable security measures are achieved. BigONE guaranteed full compensation of the losses, which is why no material impairment of the assets of users is to be expected as a result of the incident.

The exchange stated:

“We are truly sorry about how this happenstance might have affected people and will exhibit complete openness during the inquiry and recovery process.”

Wider Implications for Crypto Security

This event shows that there are continuing weaknesses in hot wallet systems that centralized exchanges rely on. Hot wallets have a greater risk of attack than the cold storage option, although they facilitate convenient transactions. This hacking highlights the significance of a well-developed risk management system and the constant necessity of high levels of security improvements within the cryptocurrency space.

According to the industry observers, even in 2025, the year had its share of transaction platform security issues, and cumulative losses due to exploits have exceeded USD 2 billion. Nonetheless, the immediate identification, eradication and the schedule of complete compensation by BigONE shows proactive crisis management which seeks to maintain user confidence and internal integrity of the platform.

The post BigONE Suffers $27M Hot Wallet Attack — Full Story & Recovery Steps appeared first on Live Bitcoin News.

---

Filed under: Bitcoin - @ July 16, 2025 4:17 pm