BigONE Exchange Drained of $27M in Hot Wallet Breach—Vows 100% User Refunds
Crypto exchange BigONE got rocked by a $27 million hot wallet exploit—but in a rare twist, they’re footing the bill for users.
When 'security' meets 'oops.' The platform confirmed the breach today, calling it a 'sophisticated attack' (translation: someone bypassed their defenses). No cold storage funds were touched—just the hot wallet’s $27M liquidity pool.
Refund promise: 'Full reimbursement' for affected users. Cynics note this might cost less than the PR disaster of not paying. The exchange claims it’ll absorb the hit 'without passing losses to customers.'
Pro tip for exchanges: Maybe stop leaving eight figures in hot wallets? Just a thought.
Hot Wallet Breach Hits BigONE
Seychelles-based crypto exchange BigONE revealed that it had suffered a major security breach, resulting in the loss of approximately $27 million. The incident was traced to a supply chain attack that targeted the platform’s hot wallet infrastructure.
In an official statement, the exchange said,
“In the early hours of July 16, BigONE detected abnormal movements involving a portion of the platform’s assets. Upon investigation, it was confirmed to be the result of a third-party attack targeting our hot wallet.”
SlowMist Flags Breach
The hack was first reported by blockchain security firm SlowMist, which indicated that the attacker had gained access to the exchange’s production network.
SlowMist stated,
“The production network was compromised, and the operating logic of account and risk control-related servers was modified, enabling the attacker to withdraw funds.”
The firm clarified that private keys were not exposed during the attack.
Assets Affected and Response Measures
BigONE, which supports trading in over 180 cryptocurrencies, disclosed that the stolen funds included 120 BTC, 350 ETH, 1,800 SOL, and roughly 8.54 million USDT across four different networks. Other affected tokens include Dogecoin (DOGE), shiba inu (SHIB), and CELR, bringing the total to eight cryptocurrencies impacted.
Despite the breach, the exchange asserted that its private keys remain secure. The attack path has been “identified and contained,” according to the team, which also confirmed that no additional losses are expected. In response, BigONE has initiated system recovery efforts and is working with SlowMist to trace the attacker’s addresses and monitor on-chain fund movements.
User Funds To Be Fully Reimbursed
To mitigate the impact on users, BigONE announced it WOULD cover all losses from the attack. The platform stated,
“We will fully cover all losses incurred from this incident to ensure that user assets are not affected in any material way.”
The company has activated its internal security reserve,comprising BTC, ETH, USDT, SOL, and XIN, to replenish user balances. Additionally, BigONE is securing external liquidity through borrowing to restore affected token pools, both mainstream and otherwise.
Deposit and trading services are expected to resume shortly, with withdrawal capabilities returning after a final round of security enhancements.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
