Solana News Today: BigONE Suffers $27 Million Cryptocurrency Theft in Supply Chain Attack

BigONE, a prominent cryptocurrency exchange, recently confirmed a significant security breach resulting in the theft of approximately $27 million in digital assets. The incident, which occurred on July 16, was attributed to a sophisticated supply chain attack. This type of attack involves compromising a third-party service or software that the exchange relies on, thereby gaining unauthorized access to its systems. The attacker manipulated server logic to bypass BigONE’s risk controls, allowing for unauthorized withdrawals. The stolen assets were quickly converted into various cryptocurrencies, including BTC, ETH, TRX, and SOL.

The breach targeted BigONE’s hot wallet infrastructure. The attacker gained access by modifying production environment settings tied to the account and risk control logic. BigONE stated that private keys were not exposed during the incident. The team discovered abnormal fund flows, traced the breach, and stopped further losses. The stolen assets include 120 BTC, 1,272 ETH, 8.5 million USDT across TRC20, ERC20, BSC, and Solana, plus 23.3 million TRX. Other affected tokens include 20,730 XIN, 4.3 million SNT, 15.7 million CELR, 16,071 LEO, 25,487 UNI, 9.7 billion SHIB, 1,800 SOL, and 538,000 DOGE. BigONE noted that these figures remain under review.

Despite the size of the exploit, the exchange assured users that losses would not affect them directly. To maintain account balances, BigONE has activated internal reserves in BTC, ETH, USDT, SOL, and XIN. For the remaining assets, the exchange is sourcing external liquidity and using borrowing mechanisms. The attacker quickly swapped the assets into multiple chains. Confirmed hacker wallets include Ethereum/BSC: 0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a, Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm, Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R, and Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c. CertiK, which also monitored the breach, reported token transfers just before the exploit was confirmed. SlowMist is now collaborating with BigONE to monitor wallet movements and prevent further distribution of the stolen assets.

Meanwhile, blockchain investigator criticized the exchange, claiming BigONE previously processed volume from pig butchering, romance, and scam-related schemes. He stated he had “no sympathy” for the platform’s operators due to its prior ties. BigONE has suspended withdrawals as new security protocols are being applied. Deposits and trading are expected to resume shortly. The exchange has pledged transparent updates as investigations continue.

The supply chain attack on BigONE highlights the vulnerabilities that can exist within the cryptocurrency ecosystem. As exchanges increasingly rely on third-party services for various operations, the risk of such attacks becomes more pronounced. This incident serves as a reminder for exchanges and users alike to remain vigilant and implement robust security measures to mitigate potential threats. The theft of $27 million in digital assets is a substantial loss, but it is important to note that the exchange's response has been proactive. By quickly identifying the hacker addresses, BigONE has taken a crucial step in preventing further damage and potentially recovering some of the stolen assets. The exchange's transparency in confirming the loss and providing updates on the situation is commendable, as it helps to maintain user trust and confidence in the platform.

The incident also raises questions about the overall security of the cryptocurrency industry. While blockchain technology is inherently secure, the human and technological elements surrounding it can introduce vulnerabilities. Exchanges, in particular, are attractive targets for hackers due to the large amounts of digital assets they hold. This incident underscores the need for continuous improvement in security protocols and the implementation of advanced technologies to protect against such attacks. In conclusion, the supply chain attack on BigONE resulting in the theft of $27 million in digital assets is a significant event in the cryptocurrency world. The exchange's prompt response and transparency in handling the situation are positive steps towards mitigating the impact of the attack. However, the incident serves as a reminder of the ongoing challenges in securing the cryptocurrency ecosystem and the need for continuous vigilance and improvement in security measures.