The Seychelles-based cryptocurrency exchange BigONE confirmed that on July 16, 2025, it suffered a crypto supply chain attack that allowed cybercriminals to drain $27 million from the exchange’s hot wallets.
With a sophisticated attack, the hackers compromised the exchange’s production network and gained access to the funds without ever accessing private keys.
Interestingly, BigONE has reported that no private keys were leaked during the exploit. Instead, internal systems were manipulated to grant unauthorized fund withdrawals across various assets. As confirmed by onchain data, the attackers took:
These unauthorized fund withdrawals were officially confirmed by BigONE, saying: “In the early hours of July 16, BigONE detected abnormal movements involving a portion of platform assets. Upon investigation, it was confirmed as the result of a third-party attack targeting our hot wallet.”
BigONE also continued to assure users that the threat was contained and that all customer private keys were secure. It concluded that the attack vulnerability had been identified and closed, removing the risk of further losses.
This joined the list of high-profile crypto exchange hacks in 2025. BigONE was quick to restore its services, including deposits and trading, while working with blockchain security experts SlowMist to begin tracing stolen funds.
