BigOne exchange lost $27 million due to attack

The SlowMist team noted an ongoing exploit of the BigOne exchange. The market operator suffered a supply chain attack, managing to drain $27M. 

The BigOne exchange, a market with $728M in volumes, suffered a supply chain attack. The SlowMist team accounted for $27M in losses so far. The hacker drained liquidity on four chains – Ethereum, Solana, TRON, and Bitcoin. 

🚨SlowMist TI Alert🚨

The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw… pic.twitter.com/GkxlNIUs6A

— SlowMist (@SlowMist_Team) July 16, 2025

No private keys were leaked, but the exchange logic outside its wallets allowed the hacker to withdraw an unlimited balance. 

The recent unauthorized withdrawal is the most significant attack against BigOne to date. The exchange is ranked at position #91 based on the CoinGecko reliability index, with a trust score of 6/10. The exchange has relatively high volumes, but limited liquidity for some of its trading pairs, with significant slippage potential.

The exchange is not among the Tier 1 markets that carry the most traffic. On-chain investigator ZachXBT noted the market has been widely used to launder funds from personal scams. 

BigOne noted outflows from its main hot wallet

The BigOne exchange team immediately identified the suspicious outflows, affecting its main hot wallet. The wallet’s keys are unaffected and the exchange is working toward renewing deposits and withdrawals. The exchange still posted a system upgrade message hours after the exploit.

⚠️ Security Incident: unauthorized access to our hot wallet

All user assets are safe. BigONE will fully bear all the losses. Trading and deposits will resume soon; withdrawals after added security upgrades.

🔗 https://t.co/CWCrng2KK8

— BigONE (@BigONEexchange) July 16, 2025

The exchange’s biggest hot wallet, holding over $23M, was last active in the past few hours. The recent outflows affected a series of hot wallets on different chains, including 120 BTC. The hacker holds nearly $4M in ETH and several tokens, though the tokens may not be easily tradable. 

The hacker also took stablecoins on several networks, as well as SHIB, DOGE, and smaller Ethereum-based tokens. Another $7M is held in TRX tokens on the TRON network.

User balances have not been materially affected, and BigOne will use its insurance fund to cover the loss. The exchange currently holds over $91M in crypto assets, based on DeFiLlama data. 

BigOne mostly trades BTC, ETH, and SOL, with significant markets for LTC and older meme tokens like BONK and DOGE. 

The exchange was founded in 2017, going through several bull and bear markets already. The market operator started out in mainland China, but later moved due to regulatory restrictions on crypto trading. The long-term presence on the market meant BigOne mostly carried altcoins from previous bull cycles, with few inflows from the latest meme tokens. 

BigOne renews centralized exchange attacks

The BigOne exchange attack follows a series of exploits against decentralized protocols. During the week, the GMX protocol saw an outflow of multiple tokens valued at $42M, before the hacker agreed to return the funds. 

A classic supply chain attack, causing unauthorized withdrawals, is now a more rare event. Centralized exchanges have not suffered such attacks since KuCoin’s exploit for $275M in 2020. 

Even the Bybit attack used a wallet vulnerability, instead of the exchange’s account and authorization infrastructure. The recent exploit showed that server vulnerabilities can also be exploited, changing the logic to operate hot wallets.

The hackers managed to bypass the account and withdrawal controls, though the outsized transactions were still flagged. 

KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage