BigONE Cryptocurrency Exchange Hot Wallet Exploit

Seychelles-based cryptocurrency exchange BigONE suffered a significant hot-wallet exploit resulting in losses estimated at $27 million across multiple blockchains, including Bitcoin, Ethereum, BNB Chain, Solana, and TRON. The exchange confirmed the incident on 16 July, reporting that abnormal withdrawals had been detected and that hot-wallet operations were immediately suspended. Importantly, BigONE emphasized that its cold storage reserves remained secure and assured customers that all user losses would be fully covered from company funds.
Independent investigations revealed that the breach was not a direct theft of private keys but rather a compromise of BigONE’s production systems. Attackers allegedly manipulated account and risk-control logic, allowing fraudulent withdrawal requests to bypass automated checks. This sophisticated method enabled the adversaries to drain assets quickly across several chains, complicating both detection and recovery. Blockchain analysts traced stolen funds as they moved through decentralized exchanges and cross-chain bridges, a common laundering tactic designed to obscure transaction origins.
The incident highlighted ongoing vulnerabilities in the digital asset ecosystem. Security researchers stressed the need for strict segmentation of production environments, continuous monitoring of wallet operations, and enhanced auditing of withdrawal logic. Furthermore, they noted that multi-chain custody, while convenient for users, inherently expands the attack surface.
Ultimately, BigONE’s rapid disclosure, immediate mitigation steps, and commitment to reimburse customers demonstrated effective crisis management, but the exploit served as a stark reminder of the evolving sophistication of cyberattacks on cryptocurrency platforms worldwide.