Oh, the irony! BigONE, the once-mighty crypto exchange, has fallen victim to a supply chain attack that has left it reeling with over $27 million in losses. The attacker, a cunning fox no doubt, was able to withdraw funds from a network exploit, leaving the exchange’s hot wallet in tatters.
On July 16, the crypto exchange suffered a third-party attack that targeted the company’s hot wallet. The team, now sporting a fresh batch of grey hairs, is currently working with on-chain security firm SlowMist to investigate the exploit. According to the report, the exchange’s production network was compromised in the attack that resulted in a $27 million loss.
SlowMist, the unsung heroes of this tale, have managed to track down the hacker’s addresses, which are linked to Ethereum (ETH), BSC (BNB), Solana (SOL), Bitcoin (BTC) and Tron (TRX). The security firm is currently following up on the stolen funds and updating the company on the movements of funds.
🚨SlowMist TI Alert🚨
The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw…
So far, the company has activated internal security reserves to protect user funds from further exploits and to maintain on-chain liquidity. The team claims that all private keys remain secure and the loop hole from the attack has been identified and contained.
“For other affected mainstream and non-mainstream tokens, we are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” wrote BigONE in its statement.
How was BigONE attacked?
Based on the firm’s report, the attacker was able to gain access to BigONE’s production network. This includes the live servers responsible for account management and risk controls. The attacker then modified the “operating logic” of these servers that can control which withdrawals were valid and which ones were not.
As as result, the attacker did not need to infiltrate the system to steal private keys. All they had to do was manipulate the logic servers in order to approve and process withdrawals, letting malicious actors fly under the radar and steal funds by withdrawing them from the exchange.
Upon detecting the exploit, BigONE disabled their deposit and withdrawal feature to prevent any more funds from escaping. However, the team promised to resume their services within a few hours after more security reinforcements are added.
“We are actively securing external liquidity through borrowing mechanisms to restore the platform wallet as soon as possible,” said BigONE.
Read More
- Gold Rate Forecast
- Microsoft has a new way to use AI in OneNote — but a “dumb” feature excites me more
- Anime’s Greatest Summer 2024 Shonen Hit Drops New Look Ahead of Season 2
- xAI’s $300/month Grok 4, billed as a “maximally truth-seeking AI” — seemingly solicits Elon Musk’s opinion on controversial topics
- Tokyo Game Show 2025 exhibitors list and main visual announced
- Bill Gates says AI will replace humans for most things — but coding will remain “a 100% human profession” centuries later
- Jeffrey Epstein’s “Client List” Doesn’t Exist, Justice Department Says
- Narcos: Mexico’s Manuel Masalva Details Being “Reborn” After Coma
- Why Stephen Baldwin Is “Blessed” By Justin & Hailey Bieber’s Marriage
- Twilight Director Details “Earth-Shattering” Lesson From the Movie
2025-07-16 10:21