BigONE $27M Breach—Supply Chain Compromised

Seychelles-based BigONE confirmed a major exploit in July where hackers breached a software update mechanism, injecting a malicious payload that enabled hot wallet extraction. Assets lost included Bitcoin, Ethereum, USDT, SOL, and XIN—valued at ~$27 million.

Though BigONE pledged to refund users in full, investigations revealed a lapse in their endpoint access policies and API credential logging. Blockchain analysis firms believe credentials were exfiltrated via a compromised 3rd-party dev tool with improper permission scopes.

Following the attack, BigONE suspended trading for 48 hours, migrated wallet architecture, and mandated 2FA and biometric auth for all withdrawals.

Reminder: Never use dev/test credentials on live wallets. All wallet keys must be isolated from the software supply chain.

Cashtags: $SOL, $ETH

Hashtags: #CEXHack #HotWalletRisk #CryptoSafety