Cryptocurrency exchange BigONE confirmed a major security breach on July 17, 2025, with hackers making off with approximately $27 million in digital assets. The incident landed on the same day that blockchain analytics firm Chainalysis released its mid-year crypto crime report, revealing that stolen funds in 2025 had already surpassed the entirety of 2024, reaching a staggering $2.17 billion by mid-July.
The timing could not be more sobering. With Bitcoin trading at $119,290 and Ethereum at $3,477, the crypto ecosystem is richer than ever — and attackers are escalating their operations to match.
The Exploit Mechanics
While BigONE has not yet disclosed the full technical details of the breach, the attack follows a familiar pattern seen across centralized exchanges throughout 2025. Initial reports suggest the hackers exploited a vulnerability in the exchange’s hot wallet infrastructure, allowing them to drain funds before the security team could respond.
Centralized exchanges remain prime targets because they pool user funds in custodial wallets, creating high-value attack surfaces. Hot wallets, which maintain internet connectivity to facilitate real-time trading, are particularly vulnerable because any compromise of private keys or access controls gives attackers an immediate path to funds.
The BigONE breach is far from the largest incident of 2025. That distinction belongs to the DPRK-sponsored ByBit hack in February, which netted attackers $1.5 billion in a single operation — the largest crypto theft in history. But it underscores the persistent vulnerability of centralized platforms even as the industry matures.
Affected Systems
The Chainalysis mid-year report paints a troubling picture of the broader landscape. Key findings include:
By July 17, 2025, stolen funds from cryptocurrency services had reached $2.17 billion, exceeding the total for all of 2024. The trajectory suggests that 2025 could end with more than $4.3 billion stolen from services alone if current trends continue.
North Korean threat actors are responsible for the majority of stolen value. The ByBit hack accounts for approximately 69% of all service-related losses this year. DPRK operations have become increasingly central to the regime’s sanctions evasion strategy, with 2025 already far surpassing last year’s record $1.3 billion in known DPRK-related losses.
Personal wallet compromises represent a growing share of total theft, making up 23.35% of all stolen fund activity in the first half of 2025. Attackers are increasingly targeting individual users through phishing, social engineering, and malware campaigns.
Perhaps most alarming: wallets connected to personal wallet thefts currently hold $8.5 billion in crypto on-chain, suggesting attackers are accumulating stolen funds rather than immediately laundering them.
The Mitigation Strategy
For centralized exchanges, the BigONE breach reinforces several critical security measures:
Cold storage dominance. The vast majority of user funds should be held in cold storage, with only minimal liquidity in hot wallets. Exchanges that maintain large hot wallet balances are unnecessarily exposed.
Multi-signature authorization. All significant transfers should require multiple approvals from geographically distributed key holders. This prevents a single compromised credential from granting access to large fund pools.
Real-time anomaly detection. Automated systems should flag unusual withdrawal patterns, large transfers to unknown addresses, and any deviation from normal operational behavior. Speed of detection is critical; most successful hacks are completed within minutes.
Regular penetration testing. Third-party security audits should be conducted quarterly, with immediate remediation of any identified vulnerabilities. The attack surface evolves constantly, and defenses must keep pace.
Lessons Learned
The Chainalysis report highlights a shift in attacker behavior that has significant implications. Threat actors targeting services exhibit higher sophistication than those attacking personal wallets, employing complex laundering strategies that involve multiple protocols and cross-chain bridges.
The average premium that launderers pay to move stolen funds has increased from 2.58x in 2021 to 14.5x in 2025, suggesting that anti-money laundering controls are becoming more effective at forcing criminals into expensive workarounds. However, the sheer volume of theft means this is cold comfort.
Geographic trends show significant concentrations of victims in the United States, Germany, Russia, Canada, Japan, Indonesia, and South Korea. Eastern Europe, MENA, and CSAO regions saw the fastest growth in victim totals from the first half of 2024 to the first half of 2025.
User Action Required
If you have funds on BigONE or any centralized exchange, consider these immediate steps:
First, monitor official communications from the exchange for updates on the breach and any remediation plans. Second, withdraw funds to a self-custodial wallet that you control, using a hardware wallet for maximum security. Third, enable all available security features including two-factor authentication, withdrawal whitelists, and anti-phishing codes. Fourth, never share your private keys, seed phrases, or wallet credentials with anyone, regardless of the claimed reason.
The $2.17 billion stolen in the first half of 2025 is a reminder that the crypto industry’s security infrastructure has not kept pace with its growth. Until it does, individual vigilance remains the most effective defense.
This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research before making decisions about your digital assets.
It is wild that we have already surpassed the 2024 hack totals and we are not even halfway through the year. $27 million is a massive hit for BigONE, but the bigger concern is how these vulnerabilities keep getting exploited across major platforms. We really need better institutional-grade security standards if we want mass adoption to actually happen without everyone being terrified of losing their life savings.
Another day, another reminder that keeping your assets on a centralized exchange is a gamble you eventually lose. The fact that $27 million can just vanish overnight is why cold storage isn’t optional anymore. I feel for anyone who had funds on BigONE, but at this point, if you aren’t holding your own keys, you have to accept this kind of risk as the default.
Marcus Thorne the bybit hack was $1.5B and bigONE is $27M. different scale but same root cause. hot wallet exposure on centralized exchanges
same root cause every time. when will CEXs learn that hot wallets need daily transfer limits? $27M shouldnt be withdrawable in a single transaction
sol_flip_ daily transfer limits would help but the real fix is MPC wallet architecture. split the signing keys so no single compromise drains everything
Seriously? Again?? It feels like every week there is a new breach being reported by Chainalysis. I was actually considering moving some liquidity to BigONE for their trading pairs, but definitely sticking to DEXs for now. The industry is growing fast but the security protocols clearly aren’t keeping up with the sophisticated methods these hackers are using. Stay safe out there guys.
Bit_Believer_88 DEX is not safer. you still need to verify contracts and manage your own keys. the difference is there is no single point of failure to exploit
verifying contracts is nice until the exploit is in the governance token. DEX is safer in theory but the attack surface just moves
The speed of these attacks is becoming alarming, especially with the sophisticated social engineering and smart contract exploits being used. Seeing the 2024 totals eclipsed so early is a massive wake-up call for the entire DeFi and CEX ecosystem. Hopefully, the stolen funds are being tracked properly on-chain so the hackers can’t easily offramp through mixers without being flagged immediately.
2.17 billion stolen by mid 2025 and people still debate whether self custody is necessary. the numbers speak for themselves