SlowMist has disclosed a suspected supply chain attack on the exchange BigONE. The attacker manipulated the logic of servers related to account and risk control in the production network to execute unauthorized withdrawals, causing losses exceeding $27 million. SlowMist noted that no private keys were leaked. The attacker’s address has been identified.