The cryptocurrency exchange BigONE confirmed that it suffered a loss of $27 million following an attack from a third party targeting its hot wallet architecture.
The cryptocurrency exchange BigONE suffered an external attack targeting its hot wallet architecture, resulting in estimated losses of around $27 million.
On July 16, BigONE announced that it had detected the security incident after abnormal asset movements triggered alerts from its real-time monitoring system. The company stated: "After investigation, it was confirmed that the incident was the result of an external attack targeting our hot wallets."
BigONE indicated that all private keys remain secure, and the attack vector has been identified and contained to prevent further losses. The exchange also collaborated with cybersecurity firm SlowMist to trace the wallet addresses linked to the attacker and monitor the movement of the stolen funds.
The affected assets included 120 Bitcoin (BTC), 350 Ethereum (ETH), and several million Tether (USDT) across various networks, in addition to significant amounts of CELR, SNT, SHIB, and other tokens.
BigONE will cooperate with SlowMist to recover funds. Source: SlowMist
BigONE pledges to compensate all losses
BigONE pledged to cover all losses resulting from the breach to protect user assets. The company announced that it had begun drawing on its internal security reserves, which include BTC, ETH, USDT, Solana (SOL), and Mixin (XIN), to compensate for the affected funds.
It added: "For other digital tokens, whether primary or secondary, we are actively working to secure external liquidity through borrowing mechanisms to restore the platform's wallet balance as soon as possible."
In a report shared with Cointelegraph, the cybersecurity company Cyvers explained that the attacker exploited the platform's production network, likely through compromised server management channels or continuous integration/deployment (CI/CD) pipelines, allowing them to modify business logic and disrupt risk control mechanisms.
The attack began with the deployment of malicious executable files on the computational servers, after which the attacker made unauthorized withdrawals of 350 ETH (worth $1.1 million). They soon expanded their operations to include withdrawals on the Bitcoin, Solana, and Tron networks, consolidating the stolen assets into a single external address for laundering.
Yehor Rudytsia, a network security researcher at Hacken, told Cointelegraph: "To prevent such attacks, the security of CI/CD lines must be reinforced, strict oversight on software dependencies enforced, and continuous monitoring on-chain and off-chain for the entire infrastructure applied."
Rudytsia added that "automated incident response" is a necessary security measure for all exchanges to stop exploitation and secure as much of the funds as possible.
Converting stolen funds to WETH
The stolen funds were converted to WETH/ETH tokens and routed through new intermediaries, indicating an intent to use mixing or trade on decentralized platforms, according to a report by Cyvers.
The company identified several security vulnerabilities that contributed to the incident, including reliance on a single point of failure in hot wallet management, weak code safety controls, lack of pre-transaction verification, and poor separation between build servers and wallet management.
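As an added illustration of the pre-transaction verification and automated incident response discussed above (this is not code from BigONE, Cyvers or Hacken), the following Python example places a gate beside the hot-wallet signer that signs only withdrawals carrying an approval tag from a separate risk service, enforces an hourly outflow cap, and pauses all signing on any violation. The key, caps, field names and addresses are assumed values constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Hypothetical values for this example; none come from the incident report.
APPROVAL_KEY = b"constructed-demo-key"     # shared by risk service and signer only
WINDOW_SECONDS = 3600
HOURLY_CAP = {"ETH": 100.0, "BTC": 10.0}   # assumed per-asset outflow caps

def approve(key, req):
    """Risk-service side: MAC over the exact fields the signer will sign."""
    msg = "|".join([req["id"], req["asset"], repr(req["amount"]), req["dest"]])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class SignerGate:
    """Runs next to the hot-wallet signer, outside the exchange business logic."""

    def __init__(self, key, caps):
        self.key, self.caps = key, caps
        self.outflow = defaultdict(deque)  # asset -> (timestamp, amount) pairs
        self.paused = False

    def check(self, req, tag, now):
        if self.paused:
            return "REJECT: withdrawals paused"
        if not hmac.compare_digest(approve(self.key, req), tag):
            return self._trip("bad approval tag")
        window = self.outflow[req["asset"]]
        while window and now - window[0][0] > WINDOW_SECONDS:
            window.popleft()               # drop outflows older than the window
        total = sum(amount for _, amount in window) + req["amount"]
        if total > self.caps.get(req["asset"], 0.0):
            return self._trip("hourly cap exceeded")
        window.append((now, req["amount"]))
        return "SIGN"

    def _trip(self, reason):
        # Automated response: stop all signing until an operator resets the gate.
        self.paused = True
        return "REJECT: " + reason

def demo():
    gate = SignerGate(APPROVAL_KEY, HOURLY_CAP)
    ok = {"id": "w1", "asset": "ETH", "amount": 40.0, "dest": "0xCONSTRUCTED_A"}
    forged = {"id": "w2", "asset": "ETH", "amount": 350.0, "dest": "0xCONSTRUCTED_B"}
    results = [gate.check(ok, approve(APPROVAL_KEY, ok), now=0)]
    # Tampered business logic submits a request the risk service never approved;
    # the breaker then refuses even a validly approved request.
    results.append(gate.check(forged, "00" * 32, now=10))
    results.append(gate.check(ok, approve(APPROVAL_KEY, ok), now=20))
    return results
```

Because the gate recomputes the tag itself and keeps its own outflow ledger, modifying the withdrawal service alone is not enough to get a transaction signed.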
The BigONE breach comes just a day after the decentralized finance platform Arcadia Finance, operating on the Base network, suffered a similar attack that resulted in the theft of approximately $3.5 million in cryptocurrencies.
The first half of 2025 witnessed losses exceeding $2.47 billion due to hacks, fraud, and exploitation, an increase of nearly 3% from the total losses recorded in 2024, which amounted to $2.4 billion.