Hackers Steal $27 Million from BigONE Exchange Without Ever Touching a Private Key

The global crypto exchange BigONE reported a $27 million loss on July 16 after a targeted supply chain attack compromised its hot wallet systems.

The exchange has assured its users that all stolen assets will be reimbursed and confirmed that the breach occurred without any private keys being leaked.

The incident occurred in the early hours of today, July 16, when BigONE’s security team noticed unusual transactions involving platform assets. Upon investigation, the team that the breach stemmed from a third-party supply chain vulnerability.

The attacker gained access to the exchange’s production environment and manipulated the server-side logic that is responsible for user accounts and risk control. By changing how these backend systems operated, the attacker was able to authorize withdrawals and transfer funds without triggering the normal internal security alarms.

Notably, the private keys linked to BigONE’s wallets were not exposed during the breach. This form of attack, often harder to detect, bypasses traditional defenses by targeting infrastructure rather than credentials.

BigONE stated that the breach has been contained, and further losses are unlikely. The exchange immediately partnered with blockchain security firm SlowMist to track the movement of stolen funds and monitor suspicious wallet activity.

PeckShield also independently the exploit and linked it to cross-chain laundering involving Ethereum, BNB Chain, Tron, Bitcoin, and Solana.

The exchange reported significant asset losses across several blockchain networks. Affected assets include large amounts of Bitcoin, Ethereum, Tether in multiple formats, as well as Solana, Dogecoin, XIN, and various ERC-20 tokens such as SHIB, CELR, UNI, LEO, and SNT.

In total, the stolen assets are estimated to be worth approximately $27 million. Blockchain explorers indicate that some of these funds were bridged between chains, suggesting attempts to obscure their origin.

Wallet addresses used in the attack have been made by SlowMist. These include wallet identifiers across Ethereum, BNB Chain, Bitcoin, Tron, and Solana networks, with transaction records showing the inflow of funds shortly after the breach was executed.

In its official statement, BigONE emphasized that no user assets would be permanently lost. The exchange has activated its internal security reserves to cover the missing funds.

These reserves include major assets like BTC, ETH, USDT, SOL, and XIN. For tokens not held in reserve, the exchange is sourcing external liquidity through borrowing to restore balance across all affected assets.

The team is working to restore full platform functionality. Deposit and trading services are expected to resume within hours, while withdrawals will be re-enabled after additional security enhancements have been completed.

The company pledged full transparency throughout the recovery and investigation process, promising to share updates and findings with users in real time.