BigONE lost $27M after a hot wallet hack exposed major flaws in its CI/CD security, prompting urgent recovery and damage control.
The hacker exploited system gaps, drained BTC, ETH, SOL, and TRX, and quickly moved the funds through decentralized exchanges.
BigONE vowed to cover all user losses using internal reserves and loans while facing criticism over past shady transaction history.
Crypto exchange BigONE has suffered a severe security breach, losing over $27 million due to a third-party attack on its hot wallet system. The hack triggered alerts on July 16 after abnormal transactions set off real-time monitoring tools. The exchange quickly investigated and confirmed that a third-party attacker exploited its hot wallet infrastructure. Affected assets include 120 BTC ($14.15M), 23.3 million TRX ($7.01M), 1,272 ETH ($4M), and 2,625 SOL ($428K). Other stolen tokens include SHIB, CELR, USDT, and more.
BigONE has since contained the threat and ensured its private keys remain uncompromised. Moreover, it partnered with security firm SlowMist to trace the hacker’s addresses and monitor fund movements. The fact that the stolen cryptocurrency was quickly changed to WETH/ETH and sent via new middlemen suggests that decentralized exchanges were used for laundering. The stolen assets were consolidated and managed by the attacker using a single wallet.
Security Lapses and System Exploits
According to Cyvers, the breach began when the attacker infiltrated BigONE’s production network. They likely exploited weaknesses in CI/CD pipelines or server management tools. Then, they modified business logic and disabled risk-control systems. Consequently, this allowed unauthorized transactions to flow freely across major chains.
The attacker started with 350 ETH ($1.1M) and expanded the exploit to include BTC, SOL, and TRX. Cyvers identified several root causes, including single-point hot wallet failure, poor code integrity checks, and weak pre-transaction validation. Limited segmentation between build systems and wallet servers also worsened the impact.
Recovery Steps and Industry Reactions
BigONE pledged to fully compensate users and activated internal reserves in BTC, ETH, USDT, SOL, and XIN. Additionally, it is borrowing external liquidity to cover non-mainstream token losses. Experts like Yehor Rudytsia emphasized the need for stronger CI/CD security, automated incident response, and continuous on-chain monitoring.
Meanwhile, onchain investigator ZachXBT criticized BigONE, citing its role in processing funds linked to scams. The exchange handled over $684 million in trading volume within 24 hours, according to CoinGecko.
This breach follows a $3.5 million exploit at Arcadia Finance, signaling a renewed threat wave targeting both centralized and decentralized platforms.
The post BigONE Exchange Loses $27M in Major Hot Wallet Hack appears on Crypto Front News. Visit our website to read more interesting articles about cryptocurrency, blockchain technology, and digital assets.
