Crypto exchange BigONE has confirmed a security breach on July 16, with attackers siphoning approximately $27 million in digital assets.
According to blockchain security firm SlowMist, the attackers infiltrated BigONE’s production environment by altering server logic tied to account operations and risk controls. This server-level manipulation reportedly enabled unauthorized withdrawals directly from user wallets, bypassing conventional protections.
🚨SlowMist TI Alert🚨
The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw… pic.twitter.com/GkxlNIUs6A
— SlowMist (@SlowMist_Team) July 16, 2025
BigONE later disclosed that the breach stemmed from a vulnerability in a third-party supply chain component. The affected system has now been contained, and the exchange has launched a comprehensive investigation in partnership with SlowMist to trace the attacker’s wallet addresses and track the movement of funds across the blockchain.
Despite the scale of the incident, BigONE assured users that all private keys remain uncompromised and that no further losses are anticipated. The company emphasized that user assets will be fully restored and unaffected, as it intends to cover the losses using internal security reserves and external liquidity support.
To stabilize operations, BigONE has mobilized reserves comprising Bitcoin (BTC), Ethereum (ETH), Tether (USDT), Solana (SOL), and XIN. For less liquid or alternative assets, the platform is sourcing funds through external borrowing mechanisms. While trading and deposit services are expected to resume within hours, withdrawal functions will return only after enhanced security protocols are implemented.
The list of compromised assets includes 120 BTC, 350 ETH, 8.5 million USDT across multiple chains, 20,730 XIN, 4.3 million SNT, 1 WBTC, 15.7 million CELR, 16,071 LEO, 25,487 UNI, 9.7 billion SHIB, 1,800 SOL, and 538,000 DOGE.
BigONE has pledged to issue transparent and real-time updates on the investigation. The company apologized for the disruption and reaffirmed its commitment to platform integrity and user trust.
This breach adds to a troubling trend in 2025. According to blockchain intelligence firm TRM Lab, over $2.1 billion in crypto assets have been stolen this year alone, most of it through private key leaks and front-end security compromises.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
