BigONE Exchange Suffers $27 Million Hot Wallet Breach

Centralized crypto exchange platform, BigONE has confirmed that the company has suffered a loss of $27 million. The company lost millions in a third-party attack that targeted the firm’s hot wallet infrastructure. This recent incident is one of the many other cyberattacks that have plagued the global crypto industry in 2025.

BigONE Exchange Suffers a $27 Million Loss

BigONE disclosed their hot wallet breach on July 16 after their real-time monitoring systems detected some unusual asset movement. In a public statement, they announced, “Upon investigation, it was confirmed to be the result of a third-party attack targeting our hot wallet.”

The attacker reportedly drained a wide range of tokens, including 120 Bitcoin (BTC), 350 Ether (ETH), millions of USDT across multiple chains, and significant amounts of CELR, SNT, SHIB, and other altcoins. Despite the loss, BigONE emphasized that all private keys remain secure and that the attack path has been contained to prevent further exploitation.

The exchange has since partnered with blockchain security firm SlowMist to trace the attacker’s wallet addresses and monitor the laundering of stolen assets. According to a parallel report by cybersecurity firm Cyvers, the breach likely originated from compromised CI/CD (Continuous Integration/Deployment) or server management channels. The attacker deployed malicious binaries, modified business logic, and disabled key risk-control systems to carry out the exploit.

Cyvers further revealed that the theft began with the unauthorized withdrawal of 350 ETH (around $1.1 million), which escalated to include assets on Bitcoin, Solana, and Tron networks. The stolen cryptocurrencies were consolidated into a single address before being converted into wrapped Ethereum (WETH), indicating plans to obfuscate funds via decentralized exchanges or mixing protocols.

Important Reads: Binance CEO Richard Teng Issues Urgent Warning on Rising Crypto Phishing Scams

Blockchain security expert Yehor Rudytsia from Hacken highlighted several vulnerabilities that contributed to the breach, including single-point hot wallet failures, insufficient code verification, poor transaction validation, and inadequate network segmentation. “Automated incident response systems are no longer optional, they’re essential for minimizing damage in real-time,” Rudytsia warned.

Despite the magnitude of the loss, BigONE has pledged to fully reimburse affected users. The platform has activated its internal security reserve, which includes BTC, ETH, USDT, SOL, and Mixin (XIN), to restore stolen assets. For less liquid or non-mainstream tokens, the exchange is sourcing external liquidity via borrowing mechanisms to speed up recovery.

This incident follows closely on the heels of another exploit: Arcadia Finance, a DeFi platform on the Base blockchain, was hacked for $3.5 million just a day earlier. The BigONE attack adds to an alarming rise in crypto-related thefts. The first half of 2025 has already witnessed over $2.47 billion lost to hacks, scams, and exploits, slightly surpassing 2024’s total.

As centralized and decentralized platforms continue to face mounting security threats, experts are calling for industry-wide adoption of proactive security protocols and enhanced transparency.