Crypto exchange BigONE has confirmed a $27 million hot wallet hack caused by a third-party supply chain attack, pledging full reimbursement to users and activating internal reserves for recovery.
Hot Wallet Breach Hits BigONE
Seychelles-based crypto exchange BigONE revealed that it had suffered a major security breach, resulting in the loss of approximately $27 million. The incident was traced to a supply chain attack that targeted the platform’s hot wallet infrastructure.
In an official statement, the exchange said,
“In the early hours of July 16, BigONE detected abnormal movements involving a portion of the platform’s assets. Upon investigation, it was confirmed to be the result of a third-party attack targeting our hot wallet.”
SlowMist Flags Breach
The hack was first reported by blockchain security firm SlowMist, which indicated that the attacker had gained access to the exchange’s production network.
SlowMist stated,
“The production network was compromised, and the operating logic of account and risk control-related servers was modified, enabling the attacker to withdraw funds.”
The firm clarified that private keys were not exposed during the attack.
Assets Affected and Response Measures
BigONE, which supports trading in over 180 cryptocurrencies, disclosed that the stolen funds included 120 BTC, 350 ETH, 1,800 SOL, and roughly 8.54 million USDT across four different networks. Other affected tokens include Dogecoin (DOGE), Shiba Inu (SHIB), and CELR, bringing the total to eight cryptocurrencies impacted.
Despite the breach, the exchange asserted that its private keys remain secure. The attack path has been “identified and contained,” according to the team, which also confirmed that no additional losses are expected. In response, BigONE has initiated system recovery efforts and is working with SlowMist to trace the attacker’s addresses and monitor on-chain fund movements.
User Funds To Be Fully Reimbursed
To mitigate the impact on users, BigONE announced it would cover all losses from the attack. The platform stated,
“We will fully cover all losses incurred from this incident to ensure that user assets are not affected in any material way.”
The company has activated its internal security reserve,comprising BTC, ETH, USDT, SOL, and XIN, to replenish user balances. Additionally, BigONE is securing external liquidity through borrowing to restore affected token pools, both mainstream and otherwise.
Deposit and trading services are expected to resume shortly, with withdrawal capabilities returning after a final round of security enhancements.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
