Hackers Exploit BigONE’s Systems, Steal Millions in Bitcoin and Ethereum

BigONE has assured that its private keys are secure and that user assets will be refunded.

5 Total views

Crypto exchange BigONE has reported a security breach involving its hot wallet infrastructure, which resulted in an estimated $27 million loss.

The incident was detected by blockchain security platform SlowMist on July 16.

Hot Wallet Nightmare

SlowMist said that the production network was compromised, and the operating logic of account and risk control-related servers was modified, which allowed the attacker withdraw funds.

BigONE confirmed the breach after the exchange’s real-time monitoring system flagged abnormal asset movements and said it was caused by a third-party attack. The exchange, however, stated that all private keys remain secure and the attack path has been identified and contained to prevent further losses.

The exchange said that it is working with SlowMist to trace the attacker’s wallet addresses and monitor the movement of the stolen funds, which include 120 BTC, 350 ETH, and over 8 million USDT across four networks.

In a statement, BigONE has vowed to cover all user losses using its internal security reserves. The exchange said it aims to ensure that user assets remain intact while it continues investigations.

After a temporary suspension, the platform restored its services. BigONE exec Alex Ash stated,

“The system upgrade has been successfully completed. Deposit and trading services have now been fully restored, and you may log in via Web or App to resume your transactions. Thank you for your patience and continued support.”

On-chain sleuth ZachXBT remarked that he does not sympathize with the exchange, and alleged that it processed significant volumes tied to pig butchering, romance, and investment scams.

He added that if more “questionable” offshore exchanges like MEXC or KuCoin were hacked for large sums, it could benefit the crypto industry by acting as a “natural cleanse” without requiring government intervention.

GMX Hack

The incident comes days after decentralized trading platform GMX was exploited for $42 million. The hacker, however, returned $40.5 million less than 48 hours after the exploit. The penetration vector included a re-entrancy vulnerability in GMX’s V1 smart contracts on July , allowing the perpetrator to manipulate GLP token prices to drain funds. They later bridged them from Arbitrum to Ethereum.

GMX offered a 10 white hat bounty in exchange for the stolen assets, which the hacker accepted, keeping a profit of about $4.5 million. GMX confirmed its V2 protocol was not affected by the incident.

#Hacks