TL;DR
- BigONE, a well-known crypto exchange, confirmed a $27 million theft after an attacker breached its hot wallet network.
- Despite this, BigONE’s private keys remain untouched, and BigONE will fully compensate affected users.
- Security experts point to server management weaknesses but emphasize the resilience of decentralized technologies and the importance of robust security layers for centralized players.
Crypto exchange BigONE has reported a significant security breach involving a third-party attack that drained an estimated $27 million from its hot wallet reserves. The incident, discovered on July 16, triggered immediate alarms through BigONE’s real-time monitoring system, which flagged unusual asset movements. After investigating, the exchange confirmed that the attacker had infiltrated its production servers to bypass key risk checks.
BigONE’s swift reaction included working closely with blockchain security firms like SlowMist and Cyvers to trace the stolen funds and freeze suspicious addresses wherever possible. Most notably, the attacker targeted multiple chains, draining 120 Bitcoin, over 350 Ether, millions in Tether (USDT), and a variety of other tokens like SHIB and CELR.
Private Keys Safe And User Funds Protected
Despite the sizable exploit, BigONE has guaranteed that all private keys are secure and that customer balances will be fully restored using internal reserves. The exchange is tapping its security fund, which holds assets like BTC, ETH, SOL, and Mixin, to cover the losses. Additional liquidity is being arranged through external lending channels to replenish affected wallets swiftly.
Experts from Cyvers and Hacken noted that the attack likely stemmed from gaps in the exchange’s Continuous Integration and Deployment pipelines, combined with a lack of strong network segmentation between servers. The hackers deployed malicious binaries to gain unauthorized access, then consolidated stolen assets into fresh wallets for laundering.
Lessons For Centralized Platforms Amid Rising Threats
While the crypto world has grown accustomed to attacks on DeFi protocols, high-profile exploits on centralized exchanges have become less common. BigONE’s breach is the largest direct hot wallet attack since KuCoin’s $275 million hack back in 2020. Analysts say this incident reinforces the push for stronger CI/CD protections and automatic incident response systems to contain damage quickly.
The first half of 2025 has already seen losses across the sector surpass $2.4 billion, yet the underlying blockchain networks remain secure and censorship-resistant. For many in the crypto sphere, this highlights why decentralized self-custody and peer-to-peer infrastructure remain the backbone of the industry’s trust. Even when centralized actors face breaches, the fundamentals of crypto technology stand strong, pushing platforms to keep innovating and improving security measures for the long run.
