On July 16, 2025, crypto exchange BigONE confirmed that it was hacked. The attacker stole around \$27 million in digital assets from its hot wallet. The incident raised questions about exchange security, operational oversight, and risk management in the crypto industry.
The Breach
The hack began with unusual outflows from BigONE’s hot wallet. On-chain analysts and security firms flagged the movements early. Blockchain monitoring service Lookonchain was one of the first to confirm the loss.
According to their data, the hacker made off with a large amount of tokens, including:
- 120 Bitcoin (roughly $14 million)
- 1,272 Ethereum (about $4 million)
- 23.3 million TRON (approximately $7 million)
- 2,625 Solana (worth around $428,000)
These tokens were quickly swapped or moved across various wallets, most of which have been identified. The attacker also transferred funds to addresses on multiple blockchains, including Bitcoin, Ethereum, Solana, and TRON.
Security firm CertiK noted that the attacker now holds multiple assets at different wallet addresses, making recovery difficult.
What Caused the Hack?
According to an internal investigation and findings from security firm SlowMist, the breach was not due to a leaked private key. Instead, it was a supply chain-style attack. The attacker manipulated internal logic in BigONE’s production systems. That allowed them to bypass account-level risk controls and initiate unauthorized withdrawals.
This kind of attack doesn’t need access to user keys or even to the wallet software itself. It targets backend infrastructure—like servers that manage account activity or approve transactions. By interfering with that logic, the attacker was able to drain the hot wallet without triggering normal security alerts in time.
BigONE’s Response
In a press statement issued on the same day, BigONE admitted to the breach. The company said user assets are safe and promised to fully cover all losses using its own reserves. The stolen tokens will be replaced from internal security funds, which include BTC, ETH, USDT, SOL, and XIN.
Other tokens that were lost—such as SHIB, DOGE, CELR, and SNT—will be recovered through borrowed liquidity or other external means. A full breakdown of the lost tokens was published, including:
- 6.97 million USDT (TRC20)
- 1.39 million USDT (ERC20)
- Over 15 million CELR
- Nearly 10 billion SHIB
- 538,000 DOGE
- 4.3 million SNT
- 25,487 UNI
- Other smaller amounts across dozens of tokens
The company paused trading and deposits temporarily. They say the system will be back online within hours. Withdrawals will stay on hold until further security upgrades are complete.
BigONE also promised full transparency and regular updates as the investigation continues.
Public Reaction and Allegations
Not everyone reacted with sympathy. Popular blockchain investigator ZachXBT said BigONE has a history of being connected to shady activity. He claimed the platform previously processed funds linked to scams like pig butchering, fake investment schemes, and romance frauds.
ZachXBT also shared addresses allegedly tied to these scams, claiming BigONE failed to block or report them. He said the same wallet used in the current hack had been active for months before the breach.
His comments have sparked debate about how centralized exchanges handle compliance and risk. Some in the crypto community believe this hack is partly a result of weak oversight, not just a technical error.
BigONE has not directly addressed those allegations but said it will cooperate with law enforcement and share all investigation data with the public.
Bigger Picture: Crypto Hacks in 2025
This year has seen a string of major breaches across the crypto space. BigONE now joins a growing list of affected exchanges. Just weeks earlier, Iranian exchange Nobitex suffered a data leak and suspected fund loss. Bybit and several DeFi platforms have also reported attacks this year.
As the crypto industry grows, attackers are shifting tactics. Instead of brute-force hacks or phishing, they now often use more complex methods—like exploiting internal systems, API flaws, or weak business logic in backend code.
The BigONE case is a textbook example of this. Even though no private keys were exposed, the attacker still walked away with \$27 million in crypto.
What Can Users Learn?
This incident is a reminder that even large exchanges can be vulnerable. If you hold a significant amount of crypto, keeping it all on a single exchange is risky.
Here are a few takeaways for crypto users:
- Avoid storing large funds in exchange wallets
- Use cold wallets for long-term holdings
- Choose exchanges with a proven security record
- Follow news from blockchain security trackers
- Be cautious of exchanges that ignore scam activity or fail to report suspicious wallets
The Road Ahead
BigONE says all systems are under review. The internal team is working with SlowMist and other firms to trace the hacker and recover assets if possible. However, funds have already been moved and swapped, which makes recovery hard.
Law enforcement may get involved soon, especially if scam-linked addresses or illegal flows are confirmed.
Meanwhile, BigONE must now repair trust. Whether or not they succeed depends not only on how they fix their systems, but also how open they are about the hack, the cause, and the aftermath.
For now, user assets are said to be safe. The platform is covering all losses. But users, regulators, and security experts will be watching closely in the weeks ahead.
