BigONE Exchange Hit by $27M+ Supply Chain Hack—Here’s What Went Down

Another day, another crypto exchange bleeding funds—this time it's BigONE in the crosshairs. Hackers pulled off a slick supply chain attack, slipping past defenses to swipe over $27 million. Who needs regulators when you've got thieves doing the 'oversight' for you?

How the breach went down:

Attackers compromised a third-party vendor, injecting malicious code that bypassed security protocols. The exploit drained hot wallets before anyone noticed the digital heist in progress. Classic 'sleep-at-the-wheel' energy from an industry that never learns.

Why this matters:

Supply chain attacks are crypto's new favorite nightmare—harder to detect than direct breaches, with the same catastrophic results. This marks the third major exchange hack this quarter, proving that 'not your keys, not your coins' applies doubly to platforms cutting corners on vendor vetting.

The fallout:

BigONE's scrambling to freeze stolen assets (good luck with that), while traders are left holding the bag. Meanwhile, Bitcoin's price barely flinched—because at this point, nine-figure exchange hacks are just background noise in the crypto circus.

Production Network Was the Main Target

The attackers exploited the supply chain vector, gaining access to BigONE’s production infrastructure, according to security firms.

As a result, the logic around risk management was tampered with, along with account operations, leading attackers to siphon funds exceeding $27 million.

The exploiter extracted around $4 million in ETH and multiple other tokens, according to CertiK Alert.

#CertiKInsight

We have seen multiple large token outflows from 0xd4dcd2459bb78d7a645aa7e196857d421b10d93f that are related to the latest BigONE security incident.

The exploiter now holds ~$4M in ETH and multiple other tokens (may not be liquidatable ) at… pic.twitter.com/qWM0rFfNbB

“The attacker is already moving funds swapping into TRX, BTC, ETH & SOL,” another security firm noted. According to Lookonchain data, the hacker quickly split and converted the funds, moving 120 Bitcoin worth $14.15 million, 23.316 million Tron tokens worth $7.01 million, 1,272 Ether worth $4 million and 2,625 Solana tokens worth $428K, across multiple addresses.

Additionally, the BigONE team noted that in order to handle losses and compensation, they have activated our internal security reserves, which include BTC, ETH, USDT, SOL, and XIN tokens.

“For other affected mainstream and non-mainstream tokens, we are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” BigONE added.