BigONE has fallen victim to a supply chain attack, resulting in losses exceeding $27 million. The breach allowed the attacker to exploit the network and withdraw funds from the exchange’s hot wallet.
The incident occurred on July 16 and involved a third-party compromise that targeted BigONE’s production network. In response, the exchange is working closely with blockchain security firm SlowMist to investigate the breach and trace the stolen assets.
According to SlowMist, the attacker’s wallet addresses have been identified across multiple blockchains, including Ethereum, BSC, Solana, Bitcoin, and Tron. The firm continues to monitor the movement of the stolen funds and is providing real-time updates to BigONE as the investigation progresses.
In response to the attack, BigONE has activated its internal security reserves to safeguard user funds and ensure continued on-chain liquidity. The company stated that all private keys remain secure and confirmed that the vulnerability used in the exploit has been identified and contained.
“For other affected mainstream and non-mainstream tokens, we are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” the exchange said in an official statement.
How was BigONE attacked?
According to BigONE’s report, the attacker gained unauthorized access to the exchange’s production network, which includes the live servers responsible for account management and risk controls. Instead of targeting private keys, the attacker altered the “operating logic” of these servers—specifically the components that determine the validity of withdrawal requests.
By manipulating this logic, the attacker was able to approve and process fraudulent withdrawals without needing direct access to private keys. This allowed malicious transactions to bypass security checks and siphon funds undetected.
After identifying the exploit, BigONE swiftly disabled deposit and withdrawal functions to halt any further losses. The exchange has since assured users that these services will resume within hours, following the implementation of enhanced security measures.
“We are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” the company reiterated.
