
BigONE Loses $27M in Hot Wallet Hack, Vows Full Repayment

  • BigONE lost $27M in a targeted hot wallet exploit detected by real-time monitoring.
  • Stolen assets included BTC, ETH, USDT, and SHIB and were moved using intermediary wallets.
  • The breach exposed security gaps in CI/CD systems and wallet server segmentation.

The cryptocurrency exchange BigONE has announced a major security breach affecting its hot wallet system, resulting in a loss of approximately $27 million. The breach was confirmed on July 16, and the attack was identified by internal monitoring tools that flagged abnormal asset activity. A quick investigation revealed that the attack was a third-party exploit of the exchange’s infrastructure. BigONE also said that the attack method had been identified and completely isolated, and that no further unauthorized access or loss of assets could occur.

Stolen Assets Tracked, User Funds Set for Reimbursement

According to BigONE, the assets taken in the breach included 120 Bitcoin, 350 Ether, 1,800 Solana, and millions in USDT. Additional tokens affected included SHIB, CELR, SNT, and more. The attacker consolidated these assets into a single wallet and began moving the funds using wrapped ETH and fresh intermediary addresses, suggesting an effort to obscure their trail.

For its part, BigONE promised to reimburse all losses incurred by users. The firm has mobilised its internal holdings of BTC, ETH, USDT, Solana, and Mixin (XIN) as reserves to compensate the affected users. For other, non-reserve tokens, the exchange is borrowing liquidity to restore the balances of impacted wallets.

Blockchain security firm SlowMist is working with BigONE to trace the movement of the stolen assets. In parallel, Cyvers, a separate cybersecurity group, released findings indicating that the attack likely originated through compromised Continuous Integration and Continuous Deployment (CI/CD) processes or server access systems. The attacker was able to deploy unauthorized binaries on the exchange’s operational servers and bypass key internal controls.

The attack began with an authorized withdrawal of 350 ETH. Following this initial move, the attacker executed additional transactions on the Bitcoin, Tron, and Solana networks. The stolen funds were then transferred to external wallets, which could have been a preparatory step for laundering via decentralized protocols.

Security Gaps at BigONE Renew Focus on Hot Wallet Risks

The analysis highlighted by Cyvers revealed multiple weaknesses in BigONE’s security systems. These included a centralized hot wallet structure, limited transaction auditing, inadequate infrastructure segmentation, and insufficient verification of code before execution. These weaknesses allowed the attacker to transfer funds to external wallets without detection for a period of time.

Yehor Rudytsia, a cybersecurity analyst, said that crypto platforms should adopt stronger security strategies. He emphasized the need to protect CI/CD systems, segregate the wallet infrastructure, and implement automated threat alert protocols that provide real-time responses.

The hack has reignited a broader discussion about the purpose of hot wallets and the security of centralized exchanges. Hot wallets, which are kept online to enable user transactions, are exposed to attack, in contrast to cold wallets, which are kept offline. Experts have long warned that platforms should prioritize cold storage and restrict access to hot wallet infrastructure.

Leading platforms, such as Coinbase and Binance, have taken stronger measures in this regard. Coinbase holds the vast majority of customer funds in cold wallets and maintains insurance to cover online asset losses. Binance operates an emergency insurance fund (SAFU) to protect users in similar situations.

BigONE is actively working to recover user assets. The exchange is also taking steps to strengthen its infrastructure. The breach highlights the urgent need for stronger security standards, improved wallet architecture, and proactive defense measures across the industry.

Disclaimer: The information provided by CryptoTale is for educational and informational purposes only and should not be considered financial advice. Always conduct your own research and consult with a professional before making any investment decisions. CryptoTale is not liable for any financial losses resulting from the use of the content.
