The BigOne crypto exchange, a market with significant daily trading volumes, has fallen victim to a sophisticated supply chain attack resulting in an estimated $27 million in losses across Ethereum, Solana, TRON, and Bitcoin networks. The incident, confirmed by the SlowMist security team, highlights a rare exploit targeting exchange logic rather than private key compromise, allowing the hacker to bypass withdrawal limits and drain substantial liquidity.
This unauthorized withdrawal represents the most significant attack against BigOne since its founding in 2017. The exchange, currently ranked #91 on CoinGecko's reliability index with a trust score of 6/10, has historically maintained relatively high volumes but with limited liquidity for certain trading pairs, posing slippage risks. On-chain investigator ZachXBT also noted the exchange's past association with laundering funds from personal scams.
Crucially, the attack did not involve the leakage of BigOne's private keys. Instead, the vulnerability lay within the exchange's operational logic outside its wallet infrastructure. This allowed the attacker to effectively command the system to authorize unlimited withdrawals.
The BigOne team promptly identified the suspicious outflows from its main hot wallet and confirmed that the wallet's keys remain secure. The exchange is actively working to restore deposit and withdrawal services, with a system upgrade message still posted hours after the exploit.
Initial investigations reveal that the outflows impacted a series of hot wallets across multiple chains. The hacker siphoned off assets including approximately 120 BTC, nearly $4 million in ETH and various (potentially illiquid) tokens, stablecoins across different networks, SHIB, DOGE, and smaller Ethereum-based tokens. An additional $7 million in TRX tokens was taken from the TRON network.
BigOne has reassured users that their balances have not been materially affected, stating it will utilize its insurance fund to cover the losses. According to DeFiLlama data, the exchange currently holds over $91 million in crypto assets. BigOne's primary trading pairs typically involve BTC, ETH, and SOL, alongside LTC and older meme tokens like BONK and DOGE.
The BigOne exploit marks a concerning resurgence of supply chain attacks targeting centralized exchanges, a type of incident that has been less common since the $275 million KuCoin hack in 2020. More recently, exploits have largely focused on decentralized protocols, such as the $42 million outflow from the GMX protocol this past week (funds which were subsequently returned by the hacker). Even the notable Bybit attack involved a wallet vulnerability rather than a direct breach of the exchange's core account and authorization infrastructure.
This incident serves as a stark reminder that even when private keys remain unaffected, server vulnerabilities that manipulate exchange logic can pose significant threats. The ability of the hacker to bypass account and withdrawal controls, even if outsized transactions were flagged, underscores the evolving sophistication of cyber threats in the crypto landscape.
BigOne, founded in 2017, has navigated several bull and bear markets, initially operating in mainland China before relocating due to regulatory restrictions. Its long-term presence means its asset portfolio largely consists of altcoins from previous bull cycles, with limited exposure to newer meme tokens. The exchange's immediate response and commitment to covering losses from its insurance fund will be critical in maintaining user trust following this significant security breach.
July 2025, Cryptoniteuae