Crypto exchange WOO X has reported a security breach that led to unauthorized withdrawals totalling $14 million across nine user accounts.
The exploit, which occurred on July 24, was traced to a targeted phishing attack that compromised a team member’s device, granting attackers limited access to the exchange’s development environment.
According to WOO X’s statement, the first malicious withdrawal was initiated at 1:50 PM (UTC+8). Over the following two hours, additional unauthorized transactions were executed before the breach was detected and contained by 3:40 PM. While some withdrawal attempts were blocked in time, $14 million was successfully drained before intervention.
We’re currently investigating a contained incident that occurred on WOO X earlier today
While user funds and trading are unaffected, withdrawals have been temporarily paused while we complete the investigation.
Stay tuned to this account for updates: https://t.co/qWc9cDhn2z
— WOO X (@_WOO_X) July 24, 2025
Blockchain security firm Cyvers Alerts flagged over $12 million in suspicious transactions linked to WOO X shortly after the attack. Tracked movements included $1 million worth of Tether transferred from a WOO X hot wallet to Ethereum, followed by conversions and transfers involving BTCB and BNB on BNB Chain.
In response, WOO X suspended withdrawals platform-wide as a precautionary measure and is conducting a full forensic review in collaboration with external security experts and other exchanges to halt further movement of the stolen funds. The company has published six wallet addresses connected to the attacker and is actively monitoring the assets across chains.
WOO X assured customers that all affected users will be fully reimbursed. The exchange emphasised that the breach impacted only nine high-value accounts and did not compromise its core infrastructure.
The company plans to announce a timeline for resuming withdrawals once its forensic investigation concludes.
This incident adds to the recent wave of centralized exchange breaches in July. Just days earlier, CoinDCX suffered a $44.2 million exploit involving a Solana-to-Ethereum bridge, the company stated that all losses from the incident are being fully covered using its emergency reserves, emphasizing that no customer portfolios or systems were compromised.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
