$27 million gone, no private keys exposed: How the BigONE hack happened
What was the BigONE $27 million hack?
The Seychelles-based cryptocurrency exchange BigONE confirmed that on July 16, 2025, it suffered a crypto supply chain attack that allowed cybercriminals to drain $27 million from the exchange’s hot wallets.
In a sophisticated attack, the hackers compromised the exchange’s production network and gained access to the funds without ever accessing private keys.
BigONE has reported that no private keys were leaked during the exploit. Instead, internal systems were manipulated to permit unauthorized fund withdrawals across various assets. As confirmed by onchain data, the attackers took:
- 121 Bitcoin (BTC).
- 350 Ether (ETH).
- 9.69 billion Shiba Inu (SHIB).
- 538,000 Dogecoin (DOGE).
- Digital assets like Tether USDt (USDT) and more.
BigONE officially confirmed these unauthorized fund withdrawals, saying: “In the early hours of July 16, BigONE detected abnormal movements involving a portion of platform assets. Upon investigation, it was confirmed as the result of a third-party attack …