How did hackers manage to drain over $27 million from a major cryptocurrency exchange without stealing a single private key?
On July 16, 2025, blockchain security agency SlowMist revealed that BigONE exchange fell victim to a sophisticated supply chain attack that bypassed traditional security measures entirely.
Unlike the smash-and-grab hacks we often hear about, these attackers took a more elegant approach—think of it as picking the lock instead of breaking down the door.
They compromised the production network and altered the exchange’s operating logic and risk-control servers.
It’s like changing the rules of a game while the referee isn’t looking.
The hackers didn’t need to steal the hot wallet’s private keys because they had manipulated something even more powerful: the system that decides when withdrawals are allowed.
By tampering with backend services, they effectively told the exchange’s computers, “Yes, this massive withdrawal to an unknown address is totally fine, nothing to see here!”
PANews issued a warning about the suspicious activity before security experts confirmed the full extent of the breach, giving users a critical early alert.
What makes this incident particularly significant in the 2025 crypto landscape is how it represents the evolution of attack strategies.
Hackers are increasingly targeting supply chain and logic-level vulnerabilities rather than hunting for simple bugs or leaked credentials.
It’s no longer about finding the key to the vault—it’s about convincing the vault it should open itself.
This incident underscores why many investors prefer cold wallets for long-term storage of significant cryptocurrency assets, as they stay offline and out of reach of remote attacks like this one.
BigONE has responded swiftly, promising full compensation for all affected users.
The exchange announced plans to restart recharge and trading services within hours of the incident, alongside implementing enhanced security measures to prevent similar attacks in the future.
Prior to this incident, BigONE maintained a respectable security rating (BBB with a 3-star security score on CER.live), with standard protections including cold wallet storage and two-factor authentication.
However, this hack highlights how even exchanges with solid security foundations remain vulnerable to sophisticated attacks that target the logic of their systems rather than their keys or encryption.
This incident is particularly surprising given that the exchange had no reported successful hacks prior to this breach, demonstrating how even previously secure platforms can fall victim to innovative attack methods.