On July 16, 2025, the cryptocurrency exchange BigONE suffered a significant security breach, resulting in the loss of approximately $27 million in digital assets. The attack, characterized as a sophisticated supply chain exploit, targeted the exchange's hot wallet infrastructure.
According to blockchain security firm SlowMist, the breach stemmed from a third-party exploit that compromised BigONE's production network. The attackers reportedly manipulated the operational logic of servers related to account and risk control, enabling unauthorized withdrawals without directly accessing private keys. This allowed them to bypass key verification processes.
The stolen assets span multiple blockchains, including 120 BTC (approximately $14.1 million), 1,272 ETH, and 2,625 SOL (approximately $428,000). Several stablecoins and altcoins, including USDT across TRC-20, ERC-20, and BSC, were also affected. The exchange has pledged to cover all losses from the breach to keep users' assets intact. BigONE has activated its internal security reserves, comprising BTC, ETH, USDT, Solana (SOL), and Mixin (XIN), to replenish affected user funds. For the other affected mainstream and non-mainstream tokens, the exchange is securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible.
Cyvers, another blockchain security firm, reported that the attack began with malicious binaries deployed to account-operation servers, followed by the unauthorized draining of 350 ETH ($1.1 million). The attacker quickly expanded withdrawals across Bitcoin, Solana, and Tron, consolidating the stolen assets into a single external address for laundering. The stolen funds were then converted to WETH/ETH and routed through fresh intermediaries, indicating preparations for mixing or decentralized exchange activity.
BigONE has taken swift action to address the breach. The platform has temporarily suspended deposits and withdrawals and is undergoing system recovery. Trading and recharge functions are expected to be restored soon. The exchange has also partnered with SlowMist to trace the hackers and has pledged full compensation to affected users. BigONE's prompt response and commitment to compensating affected users are commendable, as this approach is crucial in maintaining user confidence and trust.
This incident marks one of the largest centralized exchange hacks of 2025 to date and brings renewed scrutiny to supply chain vulnerabilities within the crypto ecosystem. Unlike traditional wallet hacks, supply chain attacks often target internal systems during development or updates, making them harder to detect and mitigate. Experts warn that such exploits are becoming more common as attackers shift focus from user-level phishing and malware to backend and infrastructure-level manipulation.
Cyvers identified several security gaps contributing to the incident, including a single-point failure in hot-wallet management, insufficient code integrity controls, a lack of pre-transaction validation, and limited network segmentation between build and wallet-management servers. BigONE has pledged to review all vendor relationships and perform a full audit of its operational processes to ensure future resilience.
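As an added example (not code from BigONE, SlowMist or Cyvers), the Python below shows one form of the pre-transaction validation Cyvers found lacking: a check enforced inside the signing service that does not trust approvals coming from the account and risk-control servers, so tampered upstream logic cannot by itself drain the hot wallet. The class name, caps and window length are constructed assumptions.

```python
from collections import defaultdict, deque
from decimal import Decimal

# Constructed policy values for illustration; not BigONE's real limits.
POLICY = {
    "ETH": {"per_tx": Decimal("50"), "per_window": Decimal("200")},
    "BTC": {"per_tx": Decimal("5"), "per_window": Decimal("20")},
}
WINDOW_SECONDS = 3600


class SignerGuard:
    """Hypothetical policy check that lives in the signing service.

    A withdrawal the upstream servers approved is still refused here
    if it breaks the signer's own limits.
    """

    def __init__(self, policy=POLICY, window=WINDOW_SECONDS):
        self.policy = policy
        self.window = window
        self.history = defaultdict(deque)  # asset -> (timestamp, amount) pairs
        self.frozen = set()                # assets halted pending human review

    def check(self, asset, amount, now):
        """Return (allowed, reason); record the outflow only when allowed."""
        amount = Decimal(str(amount))
        limits = self.policy.get(asset)
        if limits is None:
            return False, "asset not in signer policy"
        if asset in self.frozen:
            return False, "asset frozen pending review"
        if amount <= 0:
            return False, "non-positive amount"
        if amount > limits["per_tx"]:
            return False, "exceeds per-transaction cap"
        recent = self.history[asset]
        while recent and recent[0][0] <= now - self.window:
            recent.popleft()               # drop outflows older than the window
        spent = sum((a for _, a in recent), Decimal("0"))
        if spent + amount > limits["per_window"]:
            self.frozen.add(asset)         # fail closed: stop signing this asset
            return False, "exceeds rolling-window cap; asset frozen"
        recent.append((now, amount))
        return True, "ok"
```

Because the guard freezes an asset once the rolling cap is hit, a burst of individually small withdrawals stops at the cap instead of continuing until the wallet is empty.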
The BigONE hack comes a day after Arcadia Finance, a decentralized finance (DeFi) platform operating on the Base blockchain, suffered an exploit resulting in the theft of about $3.5 million in cryptocurrency. The first half of 2025 has seen more than $2.47 billion in losses due to hacks, scams, and exploits, representing a nearly 3% increase over the $2.4 billion stolen in 2024. This incident serves as a reminder to other cryptocurrency exchanges and users about the importance of security. Exchanges must invest in advanced security technologies and regularly audit their systems to prevent such breaches. Additionally, enabling two-factor authentication and using strong, unique passwords can enhance the security of user accounts.