BigONE exchange has confirmed a third-party attack on the platform, with preliminary losses estimated at approximately $27 million. The centralized exchange reveals that the withdrawals were made from its hot wallet across multiple networks, such as BTC, ETH, SOL, TRX, and USDT.
According to the exchange, no private keys were compromised. However, server logic was tampered with, circumventing risk protocols. The latest breach is a wake-up call about the vulnerability of centralized exchanges and the demonstration of evolving attacks on protocols.
Details Emerge from SlowMist Findings
Following the attack, BigOne contacted SlowMist to help trace the funds. The security firm confirms that the hack happened due to a suspected supply chain attack on the exchange.
The attacker manipulated the logic of servers related to account and risk control in the production network through compromised CD pipelines or third-party dependencies. By altering the authorization systems, the attacker executed unauthorized withdrawals, causing losses exceeding $27 million. SlowMist noted on X that no private keys were leaked.
Interestingly, no private keys were touched, highlighting the attacker’s brilliance. Funds were quickly swapped and diverted across multiple chains, making tracking complicated.
The attacker’s address has been identified as follows:
- Ethereum & BSc: 0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a
- Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R
- Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm
- Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c
Big One Exchange initiated an immediate response by pausing withdrawals. It has activated internal security reserves in BTC, ETH, USDT, SOL, and XIN to replenish user funds, and assured users that the platform will fully cover all user losses resulting from the incident. The exchange is still working with SlowMist to
BigOne Attack Highlights the Need for Deeper Security
This BigONE exploit highlights how, even without leaked private keys, attackers can wreak havoc by changing server logic. Before now, most hacks targeted private keys, whereas the latest attack on BigOne didn’t. This shows the evolving sophisticated manipulation in protocols, especially in production systems.
Hot wallets remain a target for hacks. Experts advise fortifying logic-level controls. In addition, exchanges should reconsider incorporating hybrid models, such as multi-signature and time locks, for enhanced security.
Furthermore, exchanges must treat every entry point in their software stack as a potential vulnerability or exploit. The BigOne attack is a clear example of what could happen when a security layer isn’t properly reinforced. For faster recovery, exchanges should isolate critical risk control systems and use real-time AI anomaly detection.
Adaptation is Key to Survival
As attacks evolve, centralized exchanges must adapt to these changing security infrastructures. Supply chain attacks are rising in crypto, and without fortified security protocols, users will lose trust in these exchanges and may refrain from using their services. Centralized infrastructure must defend every layer of security. Otherwise, the crypto ecosystem will become another fragile space.
The BigOne attack isn’t the only security breach recently. On July 15, DeFi platform Arcadia Finance was reportedly hacked for $2.5 million worth of USDC and USDS. The attacker pounced on a vulnerability in the Rebalancer contract to cater away with users’ funds. In total, the DeFi space has lost over $2.4 billion since January, 2025.
