BigOne Exchange Attack Leads to $27M Crypto Security Breach

BigOne Exchange Attack: Crypto Lost in Backend Supply Chain Breach

As reported by the Wu Blockchain, BigOne Exchange, a well-known global crypto platform, has suffered a major security breach. Hackers managed to steal over $27 million in what’s now being called the BigOne Exchange Attack. 

What’s especially worrying is that this wasn’t a regular crypto hack, the attackers didn’t even go near users’ wallets. Instead, they found a loophole deep in the system.

Source: Wu Blockchain

The BigOne Exchange Attack: Unconventional Supply Chain Exploit

This wasn’t about stolen private keys or someone breaking into hot wallets. Instead, the attack came through BigOne’s supply chain. 

According to the security firm SlowMist during this BigOne Exchange Attack, the hackers changed how the platform’s servers worked, especially the parts that handle accounts and risk checks. That gave them backend access to transfer funds without getting noticed by anyone at first. 

SlowMist confirmed that no user keys or wallets were touched, it is a sigh of relief. Even so, it indicates how dangerous backend bugs can be if not suspected at an early stage. 

Production Network Identified as the Entry Point

The hackers targeted platform's production network, the live system responsible for everyday operations. 

During this BigOne Exchange Attack, they didn't hack wallets or suspend trading. Rather, they secretly manipulated how withdrawals were approved in the background.

It enabled them to conduct mock withdrawals on multiple blockchains. The amount pilfered? More than $27 million, in coins such as BTC, ETH, USDT, SOL, and XIN.

Source: Lookonchain

As per the Lookonchain reports, In this BigOne Exchange Attack, the hacker exchanged the stolen assets for 120 $BTC($14.15M), 1,272 $ETH($4M), 23.316M $TRX($7.01M), and 2,625 $SOL($428K). 

Address: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm 

TCAfB8jHbJ56xwmfwKwWEs8HLRjbC2GfHG

0x0A360bD648EB86613961a2AA41dC1610c5305F4F

7RWHQ7ujSFwokAPkAhHTdiPxRF2LmqrvgYEqDiAjLxdH

Official Response and Damage Control Measures

Once the breach was discovered, the plaform acted fast. The breach was confirmed, withdrawals were suspended. They also assured that they are implementing a complete security revamp. In order to assuage user concerns, the team stated that they're spending their own reserves to compensate for all the lost funds.

They also stated that trading and deposits will return shortly, but withdrawals will remain suspended until they complete a comprehensive security review and system upgrade.

Source: BigONE

Assurance of User Asset Safety

BigOne was clear in its updates, no user assets were lost, and all private keys are still safe. The attackers never got near customer wallets. The real problem was inside the platform’s own system, and that’s where the fix is focused now.

They’re posting regular updates and say they’ll keep users informed as the investigation continues and recovery efforts move forward.

Recent Incidents Raise Industry-Wide Concerns

The BigOne Exchange Attack comes right after a string of other big hacks in the crypto industry. Just days ago, GMX lost over $42 million in a suspected exploit, and Nobitex, Iran’s biggest exchange, is still recovering from a $90 million attack. These back-to-back incidents are making the whole crypto world uneasy, and many are now calling for stronger backend protections.

Path to Recovery and Future Outlook

BigOne says its top priority is getting the platform back on track. They’ll reopen withdrawals only after the system has been fully reviewed and updated for better protection. For now, trading and deposits will be back online first.

This BigOne Exchange Attack is a wake-up call. It shows that even if your wallets are locked tight, a weak backend can still open the door to big trouble. It’s time for all crypto exchanges to step up their security, front-end and back-end alike.