BigONE Hacked for $27M in Hot Wallet Breach

• BigONE lost $27M in a hot wallet hack linked to a third-party intrusion
• Attackers laundered assets into TRX, SOL, ETH, and BTC
• Exchange services have been restored and all user losses are being reimbursed

Another crypto exchange, another security incident — this time, it’s Seychelles-based BigONE in the spotlight, after a third-party intrusion compromised its hot wallet, draining $27 million worth of digital assets.

The breach occurred midweek and has already been contained.

Thankfully, no user data or private keys were compromised, and the exchange moved quickly to bring deposit and trading services back online. Security firm SlowMist was brought in to track the flow of stolen funds, and blockchain analytics team Lookonchain later confirmed how the attackers had begun laundering the assets across multiple chains.

Security Incident: unauthorized access to our hot wallet

All user assets are safe. BigONE will fully bear all the losses. Trading and deposits will resume soon; withdrawals after added security upgrades.

— BigONE (@BigONEexchange) July 16, 2025

Their preferred destinations? Just under 23.3 million Tron, over 2,600 SOL, more than 1,200 ETH, and a clean 120 BTC. It’s the standard playbook: hit a hot wallet, split the haul, mix and swap, and try to disappear into liquidity.

The root cause seems to be yet another supply chain intrusion, an increasingly common vector in this era of interconnected Web3 systems. It’s rarely the exchange itself that’s vulnerable — it’s often the external tools, scripts, vendors, or security layers that are integrated without airtight scrutiny.

Still, there’s a silver lining in this one: BigONE is covering all user losses, confirming that account holders won’t be materially impacted. That’s more than we can say for many other hacks in recent history.

And while this level of response should be the baseline, it’s still refreshing to see an exchange not vanish into radio silence or delay refunds behind endless paperwork.

The incident is part of a broader trend that’s once again accelerating. According to Chainalysis, total funds stolen from crypto hacks between January and June 2025 have already surpassed the entire theft total from 2024. Think about that — we’re only halfway through the year, and the numbers are already worse.

What does that tell us?

Two things: First, the bull market (and increasing liquidity on-chain) is drawing out bad actors like sharks to blood. Second, infrastructure — especially when it relies on hot wallets and third-party dependencies — is still not secure enough.

Until exchanges take cold storage security and supply chain risks more seriously, this pattern won’t stop. This wasn’t about user mistakes or rug pulls — this was a surgical hit on a vulnerable hot wallet in a system that’s supposed to be robust.

Crypto may be decentralized in theory, but the reality is most of it still flows through central points of failure like this one. And every time they fall, confidence takes another hit.