16.07.2025 07:01

A significant security breach targeting BigOne exchange resulted in the theft of over $27 million, according to internet sources. The attack, identified as a sophisticated supply chain compromise by the SlowMist team, allowed the perpetrator to drain liquidity across four major blockchains: Ethereum, Solana, TRON, and Bitcoin. This incident represents the largest attack on BigOne to date.

The attackers, exploiting a vulnerability in the exchange's infrastructure rather than directly compromising private keys, manipulated the account and risk control server logic. This granted them the ability to withdraw funds seemingly without limit from the exchange's main hot wallet. SlowMist’s analysis pinpointed the unauthorized withdrawals, highlighting the severity of the compromised system.

Despite the substantial loss, BigOne assures users that their private keys remain secure and that the exchange will fully compensate for the stolen funds. The exchange, currently ranked 91st on the CoinGecko reliability index with a trust score of 6/10, has experienced a system upgrade in the wake of the incident, aiming to restore deposit and withdrawal services shortly. However, the temporary suspension of these services underscores the impact of the attack.

While BigOne processes high trading volumes, it isn't considered a top-tier exchange. This, coupled with its reported limited liquidity and potential for slippage in certain trading pairs, may have contributed to the vulnerability. Furthermore, online investigators have noted BigOne's use in past money laundering schemes linked to personal scams, raising further concerns about its security practices. The incident highlights the ongoing challenges facing even mid-sized cryptocurrency exchanges in maintaining robust security protocols against sophisticated attacks.