BigOne exchange is badly hit with a high-value security breach in the form of a loss of 27 million.
Blockchain security firm SlowMist identified the attack as a supply chain exploit that allowed unauthorized transfers of funds over four major networks. The attacker exploited a bug in the exchange infrastructure, not a hack in private keys.
SlowMist TI AlertThe exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw… pic.twitter.com/GkxlNIUs6A
— SlowMist (@SlowMist_Team) July 16, 2025
The exploit affected the Ethereum, Solana, TRON, and Bitcoin networks. BigOne ensured that its main hot wallet showed suspicious withdrawals that had been detected early. The withdrawal controls were passed through, and the hacker had access to money without breaking the wallet keys. Although the platform lost the money, there is no danger of the users’ deposits being lost since the damages will be covered by the platform’s insurance fund.
Hot Wallets Targeted in Coordinated Attack
The biggest hot wallet of BigOne, amounting to more than 23 million, had last remained active a few hours prior to the hack. The hacker emptied various wallets on various chains. The hack involved 120 BTC withdrawals, $4 million worth of ETH, and some other illiquid tokens. The hacker also stole the stablecoins SHIB, DOGE, and almost seven million TRX on the TRON network.
The vulnerability used in the hack was not revealed, but the investigators suppose that the attacker managed to alter the exchange’s internal logic. This enabled transactions to be balanced without the need to follow the usual restrictions. BigOne stopped at once to avoid additional losses. The hack also accompanied the notice of system upgrade, together with the reinstatement of deposit and withdrawal services.
Security Concerns for Centralized Platforms Resurface
It is BigOne’s worst instant. This exchange ranks number 91 in the CoinGecko reliability index and has a 6 / 10 trust rating. Although its trading volume is relatively high, at $728 million, it is not deep in several trading pairs. This has added to its susceptibility to elevated slippage and lowered interest from institutional brokers.
Security Incident: unauthorized access to our hot walletAll user assets are safe. BigONE will fully bear all the losses. Trading and deposits will resume soon; withdrawals after added security upgrades. https://t.co/CWCrng2KK8
— BigONE (@BigONEexchange) July 16, 2025
Its centralized nature makes centralized exchange attacks less common after an occurrence in 2020 by the KuCoin exchange that resulted in a loss of 275 million dollars. The latest hacking of BigOne proves that central facilities are not immune to threats to infrastructure. In comparison to earlier attacks on wallet keys, that one revealed a vulnerability in the withdrawal logic of the system.
Exchange Response and Market Standing
BigOne ensured that there was no breach on the part of the private keys. The team is working on the complete functionality of the platform. The exchange is reported to have crypto funds worth $91 million, as DeFiLlama says. It primarily deals in BTC, ETH, SOL, and more ancient meme coins, including BONK and DOGE. Since its establishment in 2017, BigOne has already overcome multiple market cycles. The exchange has promised that all losses incurred during the attack would be paid despite the attack.
The post BigOne Exchange Suffers $27M Exploit in Supply Chain Attack first appeared on Coinfea.
