BigONE exchange suffers $27M hack, promises full user compensation
The exchange was hit through a backend breach; however, no user funds were lost, as withdrawals were paused.
Global cryptocurrency exchange BigONE has been affected by a major security incident. The company confirmed it lost over $27 million after attackers broke into its systems. This event has raised fresh concerns about how safe centralised crypto platforms really are.
On 16 July, BigONE’s internal monitoring systems picked up strange movements in its hot wallets. These wallets hold crypto assets that are available for instant withdrawals and trades. When the security team checked, they realised something was seriously wrong.
Unlike many crypto hacks, this was not a case of stolen private keys or someone breaking directly into customer wallets. Instead, the attack came through what’s known as a “supply chain” vulnerability.
According to blockchain security firm SlowMist, the attackers gained access to BigONE’s production servers – the core computers that run daily exchange operations.
They did this by inserting malicious code into BigONE’s backend systems, specifically changing how the servers handled accounts and risk checks.
This gave them secret access to approve fake withdrawals without triggering alarms. It allowed the attackers to drain funds from the platform across several blockchains, including Bitcoin ($BTC), Ethereum ($ETH), Tether ($USDT), Solana ($SOL), and lesser-known tokens like $SHIB and $CELR.
On-chain analytics group, Lookonchain, reported that the hackers moved the stolen funds into different tokens and wallets quickly. The breakdown included 120 BTC (about $14.15 million), 1,272 ETH ($4 million), 23.3 million TRX ($7 million), and 2,625 SOL ($428,000). They also identified several wallet addresses involved in the attack, including:
- Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm
- Ethereum: 0x0A360bD648EB86613961a2AA41dC1610c5305F4F
- Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c
- Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R
Importantly, no user wallets or private keys were touched. As SlowMist stated, “The production network was hacked, and the operating logic of the account and risk control-related servers was tampered with, allowing the attacker to withdraw funds, but fortunately the private key was not leaked”.
This attack has been described as one of the largest direct hot wallet hacks since the KuCoin breach in 2020, when $275 million was stolen.
Experts from Cyvers and Hacken believe that weaknesses in BigONE’s Continuous Integration and Deployment (CI/CD) pipelines, along with poor separation between servers, made the hack possible.
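One defensive check against the kind of tampering SlowMist describes, where server logic is changed after it ships, is to compare the code on the server with a manifest signed at build time. The sketch below is an added example, not code from BigONE, SlowMist or any firm named here. The file names, the demo key and the use of HMAC are assumptions; a real pipeline would more likely use an asymmetric signature.

```python
import hashlib, hmac, json
import os, tempfile

def hash_tree(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def sign_manifest(root, key):
    """Build side: canonical JSON manifest of the release plus an HMAC tag."""
    body = json.dumps(hash_tree(root), sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_deployment(root, body, tag, key):
    """Verifier side: return findings; an empty list means the tree matches."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        return ["manifest: signature mismatch"]
    expected, actual = json.loads(body), hash_tree(root)
    findings = []
    for path in sorted(set(expected) | set(actual)):
        if path not in actual:
            findings.append(f"{path}: missing")
        elif path not in expected:
            findings.append(f"{path}: unexpected file")
        elif expected[path] != actual[path]:
            findings.append(f"{path}: modified")
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: held by build system and verifier only
    with tempfile.TemporaryDirectory() as root:
        for name in ("accounts.py", "risk_check.py"):  # hypothetical file names
            with open(os.path.join(root, name), "w") as fh:
                fh.write(f"# release build of {name}\n")
        body, tag = sign_manifest(root, key)
        clean = verify_deployment(root, body, tag, key)
        # Constructed drift: one released file changed, one file added on the host.
        with open(os.path.join(root, "risk_check.py"), "a") as fh:
            fh.write("# line added after deployment\n")
        open(os.path.join(root, "hook.py"), "w").close()
        tampered = verify_deployment(root, body, tag, key)
        forged = verify_deployment(root, body, "0" * 64, key)  # manifest with a bad tag
    return clean, tampered, forged
```

The verifier belongs on a host outside the production network, since a check that lives on the compromised server can be altered along with the code it inspects.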
Paying back users and fixing security
Once BigONE confirmed the attack, it acted quickly. The exchange suspended withdrawals, began tracing stolen funds with the help of SlowMist, Cyvers, and Hacken, and publicly promised that no customer would lose money.
“All user assets are safe. BigONE will fully bear all the losses. Trading and deposits will resume soon; withdrawals after added security upgrades”, BigONE said in an official statement.
To cover the stolen $27 million, BigONE is using its own security reserves, which hold assets like Bitcoin, Ethereum, USDT, Solana, and Mixin. For other tokens, the exchange is working with external lenders to bring in extra funds.
Trading and deposits are set to resume soon, but withdrawals will stay paused until BigONE completes a full security upgrade.
A company spokesperson said, “We are implementing a complete security revamp to address backend vulnerabilities. Trading and deposits will restart shortly, but withdrawals will remain paused until a full security review and upgrade are completed”.
Regular updates are being posted to reassure users, and the team has promised full transparency throughout the investigation and recovery process.
Importantly, the platform has guaranteed that no user balances were affected and all private keys remain secure.
Experts have pointed out that this attack underlines the danger of backend flaws. As SlowMist explained, while front-end protections like two-factor authentication and wallet encryption are important, they mean little if the servers running the exchange can be quietly tampered with.
What this means for crypto security
The BigONE attack is just the latest in a string of security breaches hitting crypto exchanges in 2025. Only days before, GMX lost over $42 million, and Nobitex, Iran’s largest exchange, is still recovering from a $90 million hack.
In the first half of this year alone, crypto platforms have seen losses topping $2.4 billion. While this is worrying, experts say it’s important to separate the technology from the platforms built on top.
The core blockchain networks, like Bitcoin and Ethereum, remain secure and resistant to censorship. The problem lies with the centralised companies managing user funds.
Blockchain investigator ZachXBT was blunt in his reaction, saying, “I do not feel bad for the team as this CEX processed a good bit of volume from pig butchering, romance, investment scams”. His comments point to deeper issues around trust and platform integrity.
According to Coincu research, the BigONE attack could drive more regulatory attention and push exchanges to strengthen their backend systems.
CoinMarketCap reports that despite the headlines, Bitcoin is trading at around $117,855.93, holding a market cap of $2.34 trillion and 62.94% market dominance.
Over the past 90 days, Bitcoin’s price has gone up 39.56%, showing the crypto market’s resilience.
Yet, the message from security firms is clear: it’s time for exchanges to invest more in protecting their backend systems, not just their front-facing services.
Continuous security testing, better CI/CD protections, stronger network segmentation, and automatic incident response systems are now seen as must-haves.
SlowMist summed it up by saying, “Even though the private key was not leaked, backend logic bugs show just how dangerous unnoticed gaps in system security can be”.
BigONE has promised to bear the full cost of the breach and is already working to restore services.
However, the incident has left a mark on the crypto industry, serving as a wake-up call to all exchanges that even if customer wallets are locked down, a weak backend can open the door to disaster.
As exchanges like BigONE move forward, users and regulators alike will be watching closely to see if these platforms truly learn from their mistakes and raise the bar on security for good.