BigONE Control Logic Changed To Withdraw Customer Funds

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

BigONE Exchange Logo/Homepage

BigONE Exchange is a full-featured cryptocurrency trading platform offering spot, margin, and futures trading, alongside structured investment products through its BigONE Earn suite. With a focus on user convenience, security, and education, it provides tools for both novice and experienced traders. Despite its robust infrastructure, BigONE recently suffered a security breach that compromised its production network and allowed unauthorized fund withdrawals—though private keys were not leaked. The exchange has acknowledged the incident, pledged to cover all user losses, and is working with blockchain security firm SlowMist to investigate and enhance system security. Withdrawals will resume following a full security review.^{[1][2][3][4][5]}

About BigONE

BigONE Exchange is a comprehensive cryptocurrency trading platform that offers a wide range of financial products and services designed to support users at all stages of their crypto journey. Users can access spot and margin trading on over 500 cryptocurrencies, as well as futures contracts with up to 100x leverage. BigONE also provides a zero-fee conversion service for seamless trading across all pairs. The platform focuses on user convenience and aims to empower investors by offering easy-to-use tools for both beginners and experienced traders.

The platform’s financial suite, BigONE Earn, includes structured investment products such as dual investment strategies, capital-guaranteed products, and options to buy discounted crypto assets. These are designed to maximize yields while managing risk, offering users stable returns with flexible investment strategies. BigONE emphasizes secure and efficient investing, providing users with a robust system to navigate the fast-paced crypto market with confidence.

Beyond trading, BigONE fosters community engagement and education through its customer support, global investor community, and BigONEpedia, a knowledge hub with expert insights into the crypto industry. The BigONE mobile app enhances accessibility, allowing users to manage their investments and stay informed on the go. With security features like penetration testing, bug bounty programs, and proof of funds verification, BigONE positions itself as a secure, user-focused platform for crypto wealth building.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

BigONE Exchange experienced a security breach that allowed attackers to withdraw funds by modifying server logic.

Technical Details

"The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw funds. Notably, the private keys were not leaked.​"

Hacker addresses: Ethereum & BSC0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c

Total Amount Lost

BTC 120

ETH 350

USDT(TRC20) 6,974,358

USDT(ERC20) 1,395,000

USDT(BSC) 38,106.95

USDT(SOL) 134,764

XIN 20,730

SNT 4,369,581

WBTC 1

CELR 15,772,006

LEO 16,071

UNI 25,487

SHIB 9,697,050,027

SOL 1,800

DOGE 538,000

The total amount lost has been estimated at $27,000,000 USD.

Immediate Reactions

The exchange publicly acknowledged the theft and has stated they will be covering all related losses.

Ultimate Outcome

BigONE engaged SlowMist to assist with security, who also publicly reported on the situation.

Total Amount Recovered

The platform has offered to cover all assets of affected users.

The total amount recovered has been estimated at $27,000,000 USD.

Ongoing Developments

Assets are currently being tracked down. The platform has promised that withdrawals will be reopened after a security check is completed.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References