Key Insights
- BigONE exchange recently confirmed $27 million in losses from a third-party attack on its hot wallets.
- Some stolen assets include BTC, ETH, TRX, SOL, and several stablecoins.
- The exchange has promised clients full reimbursement and is working with security firms to recover the stolen funds.
BigONE exchange has become the latest victim in the rising trend of crypto CEX hacks. On 16 July, the exchange reported that hackers had stolen over $27 Million by targeting its hot wallets.
The reports showed that the stolen assets included BTC, ETH, TRX, Solana, and millions in stablecoins.
This security breach has raised serious questions about the safety of centralized exchanges. It has added a few more digits to the rising losses the crypto industry has faced this year.
How the BigONE Exchange Hack Unfolded?
The hack was first detected when the real-time monitoring system of BigONE exchange flagged the unauthorized movement of assets. Further investigating, the BigONE team discovered that a third-party attacker had taken advantage of a very interesting security flaw.
According to blockchain security firms, the attacker gained access through compromised CI/CD (Continuous Integration/Deployment) systems. The names of these security firms include LookOnChain, SlowMist, and Cyvers.
This allowed them to turn off the platform’s internal risk checks and manipulate wallet logic. In essence, the attacker(s) injected code onto account servers and were able to drain 350 ETH within minutes. After this, they went for BTC, TRX, Solana, and other assets.
The attacker then consolidated the stolen funds into a single wallet before converting them to wrapped ETH (WETH). This move was likely performed in a bid to launder the funds.
Stolen Tokens Include BTC, ETH, TRX, SOL, and More
According to Lookonchain, the hacker stole 120 BTC (worth $14.15 million) and 23.3 million TRX ($7 million). They also stole 1,272 ETH ($4 million) and 2,625 SOL ($428,000). Furthermore, millions in USDT and other altcoins like CELR, SHIB, and SNT were also taken.
According to insights from security firm SlowMist, the attack was due to a supply chain vulnerability. Fortunately, no private keys were leaked, and the attack was isolated to the hot wallet layer.
Blockchain investigators have identified wallet addresses across multiple networks involved in the BigONE Exchange hack. The attacker’s Ethereum, Bitcoin, Solana, and TRON addresses have been shared publicly, and a full-on-chain manhunt is underway.
BigONE Exchange Responds: User Funds Safe, Losses Will Be Covered
Despite the severity of the hack, BigONE exchange assured users that all customer assets were safe. The company promised to reimburse affected funds using its internal security reserves.
BigONE seeks external liquidity through borrowing to reimburse other tokens. Meanwhile, its current reserves include BTC, ETH, USDT, SOL, and Mixin (XIN).
As of writing, trading, deposits, and withdrawals have been temporarily paused. The exchange also says operations will resume once all affected systems are secured.
The BigONE Exchange hack is the latest in a string of exploits this year. Arcadia Finance lost $3.5 million a day earlier in a similar hack. Also, Bybit and Nobitex suffered the same fate earlier in the year.
According to industry data, over $2.47 billion was stolen through hacks and scams in the first half. That figure is nearly 3% higher than the $2.4 billion lost last year.
What Happens Next for BigONE Exchange?
BigONE Exchange has promised to be transparent as the investigation continues. It is currently working with SlowMist and other firms to track the stolen assets.
So far, the attacker has begun moving funds across chains. Also, they are on the verge of laundering it all through mixing services and decentralized exchanges.
The exchange has promised to share regular updates. Also, users can expect full compensation once the internal systems are restored. Still, trust in the platform may take longer to rebuild.
BigONE Hot Wallet Hacked – $27M Stolen, Full Refund Promised
On July 16, #BigONE confirmed a hot wallet hack, losing over $27 million in #BTC, #ETH, #USDT, #SOL, #SHIB, and other tokens.
BREAKING🚨: BigONE Exchange promises full reimbursement.
BigONE lost $27M in a supply chain attack! Hacker bypassed backend verification, stealing: 120 $BTC, 1,272 $ETH, 2,625 $SOL, $USDT, $CELR, $SNT, $SHIB, $DOGE, $UNI, $XIN.
Ivan Petrov is a seasoned journalist with deep insights into Russia’s dynamic crypto landscape. His work focuses on market dynamics and the transformative potential of blockchain technology, making him a go-to expert for understanding Russia’s digital financial innovations.