WooX Hack

On July 24, 2025, WOO X—a Seychelles-based crypto exchange with $123M+ reserves—lost $14M in a phishing attack compromising a team member’s device, granting dev environment access to drain nine user accounts/hot wallets across Bitcoin (5+ BTC), Ethereum (~$7.3M ETH/USDT), BNB Chain (5 BTCB), Arbitrum, and Tron (7M TRX) via unauthorized withdrawals to attacker addresses (e.g., ETH: 0x87aab7bac1308fAF2A0d59DA26b8379e18b26355; BTC: bc1q4xm6y972qa82f4cudr4d28xdhxa4e68v5atrej), with funds swapped/laundered post-breach. Detected within hours, WOO X paused withdrawals, blocked further txs, contacted victims, and pledged full treasury compensation; Cyvers traced in real-time, revealing hot wallet outflows despite “contained” claims. This third ecosystem hit (post-Kronos $25M API/2023, WooFi $8.5M oracle/2024) exposed OpSec gaps like paused bug bounties; amid July’s $142M hacks (PeckShield), it underscores phishing’s rise (23%+ wallet thefts), urging multi-biometric auth, vendor-zero-trust, and behavioral monitoring to avert $14M CEX drains in 2025’s $3.1B+ breach wave.