BigONE Confirms $27M Theft After Major Supply Chain Attack

  • Hacker manipulated server logic to bypass BigONE’s risk controls.

  • Stolen assets were quickly converted into BTC, ETH, TRX, and SOL.

BigONE has confirmed a security breach that resulted in over $27 million in stolen assets. The incident occurred on July 16th and was a supply chain attack. SlowMist and CertiK flagged the suspicious outflows. The attacker modified the internal server logic to bypass the risk controls and make unauthorized withdrawals.

Hacker Evades Key Protection, Hits Hot Wallets

According to BigONE, the breach targeted its hot wallet infrastructure. The attacker gained access by modifying production environment settings tied to the account and risk control logic. BigONE stated that private keys were not exposed during the incident. The team discovered abnormal fund flows, traced the breach, and stopped further losses.

The #BigONE exchange was hacked and lost over $27M.

Currently, the hacker has exchanged the stolen assets for 120 $BTC($14.15M), 23.316M $TRX($7.01M), 1,272 $ETH($4M) and 2,625 $SOL($428K).

Address:
bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm
TCAfB8jHbJ56xwmfwKwWEs8HLRjbC2GfHG…

— Lookonchain (@lookonchain) July 16, 2025

Stolen assets include 120 BTC, 1,272 ETH, 8.5 million USDT across TRC20, ERC20, BSC, and Solana, plus 23.3 million TRX. Other affected tokens are 20,730 XIN, 4.3 million SNT, 15.7 million CELR, 16,071 LEO, 25,487 UNI, 9.7 billion SHIB, 1,800 SOL, and 538,000 DOGE. BigONE noted that these figures remain under review.

Despite the size of the exploit, the exchange assured users that losses would not affect them directly. To maintain account balances, BigONE has activated internal reserves in BTC, ETH, USDT, SOL, and XIN. For the remaining assets, the exchange is sourcing external liquidity and using borrowing mechanisms.

Attacker Wallets Traced as Criticism Emerges

The attacker quickly swapped the assets across multiple chains. Confirmed hacker wallets include:

Ethereum/BSC: 0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a

Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm

Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R

Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c

CertiK, which also monitored the breach, reported token transfers just before the exploit was confirmed. SlowMist is now collaborating with BigONE to monitor wallet movements and prevent further distribution of the stolen assets.

#CertiKInsight

We have seen multiple large token outflows from 0xd4dcd2459bb78d7a645aa7e196857d421b10d93f that are related to the latest BigONE security incident.

The exploiter now holds ~$4M in ETH and multiple other tokens (may not be liquidatable) at…

— CertiK Alert (@CertiKAlert) July 16, 2025

Meanwhile, blockchain investigator ZachXBT criticized the exchange, claiming BigONE previously processed volume from pig butchering, romance, and scam-related schemes. He stated he had “no sympathy” for the platform’s operators due to its prior ties.

BigONE has suspended withdrawals as new security protocols are being applied. Deposits and trading are expected to resume shortly. The exchange has pledged transparent updates as investigations continue.


The post BigONE Confirms $27M Theft After Major Supply Chain Attack first appeared on Coin Crypto Newz.