$27 million vanished in the BigONE hack, yet the most astonishing aspect of this incident lies elsewhere
In a shocking turn of events, Singapore-based crypto exchange BigONE suffered a significant loss of $27 million in a targeted supply chain attack on July 16, 2025. The breach, classified as a supply chain attack by blockchain security firm SlowMist, was not a direct attack on private keys but instead involved manipulation of the exchange's server-side logic.
The attacker infiltrated BigONE's production network, specifically targeting servers tied to account logic and risk control. By altering the backend systems, the attacker was able to authorize withdrawals and transfer funds without triggering the normal internal security alarms, effectively bypassing the need to access private keys.
BigONE has partnered with security firms like SlowMist to track the stolen funds and prevent further losses. Affected user accounts are being credited based on pre-hack balances, and the exchange has pledged full compensation and activated emergency reserves to restore affected assets.
The stolen funds spanned multiple blockchain networks, including Ethereum, Bitcoin, Tron, Solana, and Binance Smart Chain. Major platforms like Binance and OKX are monitoring for suspicious deposits from these addresses. Users are advised to avoid transferring assets to flagged hacker addresses to prevent blacklisting.
The incident highlights potential vulnerabilities in backend infrastructure as a top threat vector in the Web3 space. Users are advised to enable 2FA and withdrawal whitelists for future transactions to enhance security. A live incident report is scheduled to be published within 48 hours, and users are advised to monitor announcements for wallet reactivations and compensation status.
BigONE has resumed trading and deposits, with withdrawals expected to follow after additional security hardening. The exchange has emphasized its commitment to transparency and is working diligently to restore normal operations while ensuring the safety of its users' assets.
- To avoid potential losses, BigONE users are advised to enable two-factor authentication (2FA) and implement withdrawal whitelists for their accounts.
- The attack on BigONE was not a direct assault on private keys but rather an intrusion into the exchange's server-side logic, enabling unauthorized withdrawals.
- BigONE is collaborating with security firms like SlowMist to trace the stolen funds and safeguard assets, while offering full compensation to affected users.
- The stolen coins were distributed across several blockchain networks, including Bitcoin, Ethereum, and Binance Smart Chain, prompting exchanges like Binance and OKX to monitor for suspicious deposits.
- Users are urged to exercise caution when transacting to prevent their assets from being blacklisted or added to a whitelist of hacker addresses.
- The incident serves as a stark reminder of the importance of robust cybersecurity measures and strong blockchain technology in the Web3 space.
- Withdrawals on BigONE are yet to be resumed, following the attack, as the exchange is strengthening its security systems to prevent future breaches.
- The stolen funds spanned a range of cryptocurrencies, including popular coins such as Tron, Solana, and various Ethereum-based tokens.
- BigONE is dedicated to maintaining transparency and has scheduled a live incident report to be published within 48 hours, keeping users informed about the recovery process and compensation status.
- Exchanges and other platforms dealing with cryptocurrency transactions must prioritize security measures, ensuring the safety of users' digital wallets and ledgers.
