The BigONE hack: supply chain attack worth USD 27 million

On July 16, 2025, the BigONE cryptocurrency exchange fell victim to a sophisticated cyberattack: criminals stole cryptocurrencies worth around 27 million US dollars from the platform's hot wallets. This incident illustrates how technically sophisticated attackers have become in compromising even established exchanges. More on this in the original report from Heise Online.

In this blog article, we analyze the course of the attack and the supply chain attack method used. The aim is to derive lessons for the entire industry and formulate recommendations for action for exchanges and users.

Background and current context

The year 2025 represents a sad record for the crypto industry: in the first six months, according to the Mid-Year Update from Chainalysis, over USD 2.17 billion in cryptocurrencies was stolen from exchanges and wallet services - more than in the whole of 2024.

A particularly prominent example is the Bybit hack in February 2025, in which groups of suspected North Korean perpetrators stole around USD 1.5 billion. Further details can be found in the IC3 publication and Reuters reports.

The attack: How the supply chain attack worked

The BigONE hack used a sophisticated supply chain attack that specifically targeted the hot wallet infrastructure. Supply chain attacks are considered one of the most dangerous threats, as they exploit the chain of trust between software updates and third-party components:

  1. Infiltration of manipulated software modules: The attackers gained access to the development environment of an external software supplier that provides essential wallet management tools for BigONE. By inserting malicious code into the modules, they were able to modify the payout logic undetected.
  2. Automated triggering of unauthorized transactions: After the compromised updates were installed in the production environment, the malicious code automatically triggered a series of unauthorized transactions. These bypassed the usual security checks and led to massive outflows.
  3. Disguising the transaction paths: The perpetrators exchanged the stolen coins (including 120 BTC, 350 ETH and 538,000 DOGE) for altcoins via decentralized exchanges and used mixer services to further cover their tracks.

These steps enabled the withdrawal of assets worth around USD 27 million within a few minutes.

Response from BigONE and customer protection

Immediately after the attack was discovered on July 16, 2025, BigONE suspended all deposits and withdrawals as well as trading in order to isolate the systems and initiate forensic investigations. According to Heise Online, no private keys were compromised.

External security partners such as SlowMist and PeckShield identified and removed the malicious code. Deposits and trading were restored on the same day, and withdrawals were restored by July 17.

BigONE declared that it would cover all losses from internal reserves and credit lines so that no users would suffer financial losses. Transparent communication via blog posts and social networks helped to avoid panic.

Comparison with other crypto hacks in 2025

  • Bybit (February 2025): Around USD 1.5 billion stolen through external wallet vulnerabilities (IC3 alert).
  • Coinbase (May 2025): Insider attack led to the withdrawal of approx. USD 400 million, documented by Business Insider.
  • Arcadia Finance (June 2025): Hot wallet exploit with losses of around USD 3.6 million.

These cases show that attackers use both external and internal attack paths and that the amounts vary depending on the target.

Implications and recommendations for action

  1. Supply chain audits: Independent testing of third-party software.
  2. System separation: Clear demarcation of development, test and production environments.
  3. Anomaly monitoring: Real-time alerts for unusual transactions.
  4. Emergency plans & funds: Provisions for compensation.
  5. Regulatory dialog: Minimum standards for capital and security requirements.
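
Recommendation 3 as an added sketch (not code from BigONE, its supplier or the forensic partners): a per-asset sliding-window outflow monitor with a latching halt, which reacts to the kind of payout burst "within a few minutes" described above. It is assumed to be fed by an independent watcher outside the wallet tooling; the class names, event fields, thresholds and sample values are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Withdrawal:
    ts: int            # unix seconds, as seen by an independent chain watcher
    asset: str         # e.g. "ETH"
    usd_value: float
    allowlisted: bool  # destination is on a pre-approved address list

class OutflowMonitor:
    """Sliding-window outflow limits per asset; thresholds are assumed values."""
    def __init__(self, window_s=300, max_usd=250_000, max_unlisted=3):
        self.window_s, self.max_usd, self.max_unlisted = window_s, max_usd, max_unlisted
        self.events = {}     # asset -> deque of recent Withdrawal events
        self.halted = set()  # assets whose signing should be paused

    def observe(self, w):
        q = self.events.setdefault(w.asset, deque())
        q.append(w)
        while q and q[0].ts <= w.ts - self.window_s:  # drop events outside window
            q.popleft()
        total = sum(e.usd_value for e in q)
        unlisted = sum(1 for e in q if not e.allowlisted)
        reasons = []
        if total > self.max_usd:
            reasons.append(f"{w.asset}: {total:.0f} USD out in {self.window_s}s")
        if unlisted > self.max_unlisted:
            reasons.append(f"{w.asset}: {unlisted} payouts to unlisted addresses")
        if reasons:
            self.halted.add(w.asset)  # latch: stays halted until a human resets it
        return reasons

def replay(events, monitor):
    """Feed events in order; return (index of first alerting event, all alerts)."""
    first, alerts = None, []
    for i, w in enumerate(events):
        reasons = monitor.observe(w)
        if reasons and first is None:
            first = i
        alerts.extend(reasons)
    return first, alerts

# Constructed sample: routine payouts, then a burst of large unlisted payouts.
SAMPLE = [Withdrawal(0, "ETH", 1_200, True), Withdrawal(400, "ETH", 900, True),
          Withdrawal(1000, "ETH", 90_000, False), Withdrawal(1030, "ETH", 95_000, False),
          Withdrawal(1060, "ETH", 110_000, False), Withdrawal(1090, "ETH", 120_000, False)]

if __name__ == "__main__":
    print(replay(SAMPLE, OutflowMonitor()))
```

The monitor only helps if the halt signal reaches the signing path through a channel the third-party wallet modules cannot modify; otherwise compromised payout logic can bypass it just as it bypassed the usual checks.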

Conclusion

The BigONE hack in July 2025 is a warning signal about supply chain attacks in the crypto industry. Although the financial damage was more moderate than with Bybit, the incident shows that every provider is vulnerable. Only technical, organizational and regulatory measures can ensure long-term trust.

FAQ about the BigONE hack

  1. What is a supply chain attack?
    An attack in which attackers exploit vulnerabilities in the software supply chain to inject malicious code.
  2. When did the attack on BigONE take place?
    On July 16, 2025.
  3. How high was the total loss?
    Approximately USD 27 million.
  4. Which coins were stolen?
    120 BTC, 350 ETH and 538,000 DOGE.
  5. Have private keys been compromised?
    No, according to BigONE, all keys remained secure.
  6. How were the hackers able to withdraw the coins?
    Malicious code in manipulated wallet tools that automated payouts.
  7. What immediate measures did BigONE take?
    Suspension of deposits/withdrawals, trading and OTC, and start of forensic analyses.
  8. Which companies support forensics?
    SlowMist and PeckShield.
  9. When were all services back online?
    Deposits and trading on July 16, withdrawals on July 17.
  10. Who covers the losses?
    BigONE itself from its own reserves.
  11. Did users receive compensation?
    Yes, completely without losses.
  12. How did the perpetrators cover their tracks?
    Exchange into altcoins and use of mixers.
  13. Are there any clues about the perpetrators?
    No official attribution; indications point to professionals.
  14. How frequent are such attacks?
    Supply chain attacks are on the rise.
  15. How do exchanges protect themselves?
    Through audits, system separation and monitoring.
  16. What is a hot wallet?
    A wallet constantly connected to the Internet for fast transactions.
  17. Why are hot wallets risky?
    More susceptible to hacks because of their online connection.
  18. What role do supervisory authorities play?
    Definition of minimum standards for security and capital.
  19. What is anomaly monitoring?
    Real-time monitoring of unusual activities.
  20. What does OTC trading mean?
    Trading large volumes outside the regular order books.
  21. Is there crypto insurance?
    Yes, but often with gaps.
  22. How long do forensic analyses take?
    Hours to days, depending on complexity.
  23. What is the difference between BigONE and Bybit?
    BigONE: USD 27 million via a supply chain attack; Bybit: USD 1.5 billion via a wallet exploit.
  24. How do you protect private keys?
    Through cold wallets and multi-signature.
  25. What role do insiders play?
    As the Coinbase case showed, insiders can pose considerable risks (Business Insider).
  26. What is a mixer service?
    A service that mixes transactions to disguise origin.
  27. Was loot ever retrieved?
    No significant returns to date.
  28. Capital requirements?
    Regulatory requirements for safety reserves.
  29. Are audits mandatory?
    Not yet in many jurisdictions, but recommended.
  30. What does the future of crypto security look like?
    Technological resilience, organizational precautions and clear regulation will be decisive.
Felix Rieger – Founder and Author, KryptoZukunft