On July 16, 2025, Seychelles-based crypto exchange BigONE lost $27M in a supply chain attack: compromised third-party software altered hot wallet operational logic on account and risk control servers, enabling unauthorized withdrawals across Bitcoin, Ethereum, Tron, Solana, and BNB Chain without private key exposure.

The attacker used social engineering to breach a developer's device, then manipulated backend systems to drain funds stealthily: 120 BTC ($14M), 350 ETH ($7M), 7.1M USDT ($7M, multi-chain), 1,800 SOL ($3M), 538k DOGE ($1M), 9.5B SHIB ($500k), 1 WBTC ($60k), and minor tokens such as XIN, CELR, UNI, and LEO. The funds were laundered via swaps to TRX/BTC/ETH/SOL and via Tornado Cash.

The attack was detected via abnormal movements. BigONE contained the vector within hours, resumed trading and deposits, delayed withdrawals for upgrades, and pledged full user reimbursements from reserves/insurance (context: $2.1B+ in YTD losses). BigONE collaborated with SlowMist/HackenProof ($8M bounty) and law enforcement, and no further losses occurred. ZachXBT noted BigONE's scam ties, viewing the hack as an "industry cleanse."

This backend exploit, which bypassed keys, signals 2025's shift to infrastructure attacks. It argues for zero-trust vendor monitoring, behavioral analytics, and supply chain audits to limit breaches like this $27M one amid rising CEX vulnerabilities.