July 16, 2025 – Crypto exchange BigONE disclosed this morning that it fell victim to a supply‑chain attack on July 16, resulting in the theft of roughly $27 million worth of assets. The company reported the loss stemmed from a breach in its hot‑wallet infrastructure, affecting tokens including BTC, ETH, USDT, TRX, SOL, and others.

‍

In a statement shared via its official Twitter (X) account, BigONE said in the “early hours of July 16” it detected “abnormal movements involving a portion of the platform’s assets” and rapidly confirmed the incident as a third‑party exploit targeting hot wallets. The exchange emphasized that private keys remained uncompromised, and it has successfully contained the attack vector.

‍

Security firm SlowMist issued a public alert, noting the breach resulted from a supply‑chain exploit and data manipulation at the server level. SlowMist’s post described how attackers “modified the logic of account and risk control related servers”, enabling unauthorized withdrawals across multiple chains, though no private keys were stolen.

‍

BigONE confirmed it’s collaborating with SlowMist to trace stolen tokens across Bitcoin, Ethereum, Tron, Solana, and BNB Chain, with an initial tracking full underway.

‍

The exchange affirmed that all users will be fully reimbursed via internal security funds, covering tokens like BTC, ETH, SOL, USDT, and XIN. For less common assets, BigONE is tapping external liquidity channels to restore balances  . Trading and deposits have already resumed, while withdrawals remain suspended until further security measures are fully deployed.

‍

‍

Supply‑chain breaches—where attackers infiltrate via third‑party infrastructure dependencies—have become increasingly common. Experts say that this incident underscores the need for hardened CI/CD pipelines, dependency validation, and robust “last‑mile” monitoring of hot‑wallet operations.

‍

Preliminary on‑chain data from CertiK indicates the attacker has already moved significant amounts, including approximately 120 BTC ($14 million), 1,272 ETH ($4 million), and millions of other tokens across chains.

‍

BigONE’s decisive action—swift containment, transparent updates, and full user compensation—may help restore trust amid growing concern over third‑party vulnerabilities in centralized exchanges. Monitoring the progress of fund tracing and post‑breach security audits will be key to assessing long‑term reputational impact.

‍