Crypto exchange BigONE has been hit by a cyberattack that targeted its hot wallet, leading to a loss of around $27 million worth of crypto.
The exchange said it discovered the issue on July 16 after its security system noticed unusual activity. After checking, it confirmed that this was a third-party attack on its hot wallet system.
BigONE assured users that their private keys are safe and that the attack path has been identified and contained, meaning no more funds are at risk.
They’re now working closely with blockchain security company SlowMist to track the hacker’s wallet addresses and follow the movement of the stolen crypto.
The stolen assets include:
- 120 Bitcoin
- 350 Ether
- Millions of USDT
- And large amounts of other tokens like CELR, SNT, and SHIB
BigONE Promises to Cover All User Losses After $27M Hack
BigONE has promised to fully compensate affected users. The company said it already used some of its security reserves, including Bitcoin, Ether, USDT, Solana, and Mixin (XIN), to start refunding users right away.
“For other affected mainstream and non-mainstream tokens, we are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” BigONE said.
For other tokens that were stolen, BigONE is now working on getting more outside liquidity by borrowing funds, so it can quickly restore its wallets.
How the Attack Happened
According to a report shared with Cointelegraph by security firm Cyvers, the hacker broke into BigONE’s main production network. They likely gained access through compromised tools used for updating and managing the platform (called CI/CD pipelines or server channels). Once inside, the attacker changed the platform’s internal logic and disabled key security checks.
The hack began when malicious code was placed on servers that handle user accounts. The hacker then drained 350 ETH (about $1.1 million) and quickly expanded the attack, stealing funds from Bitcoin, Solana, and Tron wallets. All stolen crypto was later moved to one wallet, likely to be laundered.
Hacker Turns Stolen Crypto Into WETH
According to Cyvers, the funds were converted into WETH (Wrapped Ether) and passed through new wallet addresses, a typical move used to prepare for mixing or trading on decentralized platforms. These tactics are often used to make it harder to trace stolen assets.
Cyvers also shared a list of security weaknesses that may have helped the attacker pull off the heist. One major issue was a single point of failure in how BigONE managed its hot wallets, meaning the system didn’t have enough backups or extra protections. The company also lacked proper code checks to ensure the system hadn’t been tampered with. In addition, there were no pre-transaction validations, and the servers responsible for building software weren’t well separated from those handling the exchange’s wallets, another red flag from a cybersecurity perspective.
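To make two of the gaps Cyvers lists concrete (no code integrity check, no pre-transaction validation), here is an added example, not BigONE's or Cyvers' code, of a gate that runs on the signing side and refuses to approve a withdrawal unless the service code matches a pinned release digest and the amount fits outflow limits. The class names, file contents and limits are constructed, and it assumes the signer can read the deployed files through a channel the application server does not control.

```python
import hashlib
from dataclasses import dataclass, field

def code_digest(files):
    """SHA-256 over sorted (path, content-hash) pairs of the deployed service code."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + hashlib.sha256(files[path]).digest())
    return h.hexdigest()

@dataclass
class Policy:
    pinned_digest: str        # recorded at release time and stored with the signer
    per_tx_limit: float       # maximum amount for a single withdrawal
    window_limit: float       # maximum total outflow per rolling window
    window_secs: int = 3600

@dataclass
class SignerGate:             # hypothetical name; lives on the signer, not the app server
    policy: Policy
    history: list = field(default_factory=list)   # (timestamp, amount) of approvals
    def check(self, amount, now, deployed_files):
        """Return (approved, reason) for one withdrawal request."""
        if code_digest(deployed_files) != self.policy.pinned_digest:
            return False, "code integrity mismatch"
        if amount <= 0 or amount > self.policy.per_tx_limit:
            return False, "per-transaction limit"
        recent = sum(a for t, a in self.history if now - t < self.policy.window_secs)
        if recent + amount > self.policy.window_limit:
            return False, "window outflow limit"
        self.history.append((now, amount))
        return True, "ok"

# Constructed sample data: file names, contents and limits are illustrative only.
RELEASE = {"withdraw.py": b"def risk_check(tx): return tx.amount < LIMIT\n"}
TAMPERED = {"withdraw.py": b"def risk_check(tx): return True\n"}

def demo():
    gate = SignerGate(Policy(code_digest(RELEASE), per_tx_limit=50.0, window_limit=100.0))
    return [
        gate.check(40.0, now=0, deployed_files=RELEASE),      # normal withdrawal
        gate.check(350.0, now=10, deployed_files=RELEASE),    # oversized single transfer
        gate.check(40.0, now=20, deployed_files=RELEASE),     # still inside the window cap
        gate.check(40.0, now=30, deployed_files=RELEASE),     # would make 120 > 100
        gate.check(10.0, now=40, deployed_files=TAMPERED),    # service code was modified
        gate.check(40.0, now=4000, deployed_files=RELEASE),   # window has rolled over
    ]

if __name__ == "__main__": print(demo())
```

Because the gate keeps its own pinned digest and outflow history, changing the application server's logic does not switch these checks off; that only holds if the signer is deployed separately from the build and application servers.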
This incident follows closely on the heels of another crypto exploit. Just a day earlier, DeFi platform Arcadia Finance, which operates on the Base blockchain, lost $3.5 million in an attack. Together, the two hacks highlight how both centralized and decentralized platforms continue to face serious security challenges in the fast-moving world of crypto.