BigONE Loses $27M in Supply Chain Hack

• BigONE lost $27 million due to a supply chain attack.
• Private keys were not compromised in the breach.
• The attack occurred on July 16 through a third-party service.

On July 16, crypto exchange BigONE fell victim to a highly targeted supply chain attack that resulted in a staggering $27 million loss. What sets this incident apart is that the attackers managed to drain funds without accessing the private keys—a rare and concerning type of breach in the crypto world.

This exploit highlights a growing risk in the industry: supply chain vulnerabilities. These occur when a third-party tool or service integrated into a crypto platform is compromised, opening a backdoor for attackers.

In this case, security researchers believe the breach stemmed from malicious updates to a service BigONE relied on for internal operations. The compromised component allowed attackers to manipulate internal functions and initiate unauthorized transfers without the need to steal or decrypt private keys.

The Role of Third-Party Tools in the Hack

Crypto exchanges like BigONE often rely on external software and services to handle wallet operations, user management, analytics, and more. If any part of that toolchain is compromised—especially via a malicious update—an attacker can gain indirect control over internal systems.

In BigONE’s case, the breach was traced back to a third-party vendor, though the specific provider hasn’t been publicly named yet. The attacker appears to have injected malicious code into a routine update, which went unnoticed until funds were siphoned off.

Notably, this wasn’t a result of poor key management or phishing—it was an attack on the trust network between services.

Lessons for the Crypto Industry

This breach reinforces a crucial lesson: security isn’t just about securing your keys, but your entire ecosystem. Supply chain attacks are difficult to detect and defend against because they exploit trusted components.

For crypto firms, it’s a wake-up call to audit all third-party integrations, verify updates from vendors, and isolate critical systems from potentially vulnerable services.

For users, it’s a reminder that even reputable exchanges are not immune to novel attack vectors—stressing the need for vigilance, diversification of holdings, and understanding how exchanges manage risk.

Read also:

• $258M in Crypto Positions Liquidated in 4 Hours
• Forget Everything You Know About Crypto, BlockDAG Isn’t Selling a Coin, It’s Selling an Entire Digital Metropolis!
• Ethereum Breaks $4100, Fueling Bullish Momentum
• TGE Code Access Pushes BlockDAG Presale Past $430M While LTC Targets $200 & VET Gains 7.5% Amid Renewed Market Energy
• Coinbase Buys Echo in $375M Deal to Boost Onchain Finance