- BigONE hot wallets lost $27M across BTC, ETH, DOGE, and more after attackers gained access to internal withdrawal controls.
- Over 100 BTC and 8.5M USDT were funneled through DEXs and bot wallets using split-lot tactics and cross-chain routes.
- Wallet rules were modified at the system level, letting funds exit without triggering private key exposure or endpoint alerts.
Hot Wallet Breach Hits BTC, ETH, DOGE, SHIB, and USDT
BigONE’s production network was breached, allowing attackers to withdraw user funds across multiple blockchains. According to a post by OnchainLens, the coordinated exploit drained 121 BTC, 350 ETH, 538K DOGE, and 8.54M USDT. SHIB, SOL, UNI, and TRX were also involved in the stolen portfolio.
The attack enabled full access to integrated wallet structures without exposing private keys. Blockchain logs show fast movement across DEX aggregators and layer-1 chains. Multiple tokens were routed with token batching and synchronized dump behavior.
DOGE transfers included a 538K lump sum to a single wallet, valued at $103,650. Two other batches-55K and 282 K, also exited through DEX pathways. SHIB and UNI were among other key ERC-20 assets that left BigONE.
TRON and Solana Transfers Expose Coordinated Tactics
This announcement highlights a sharp rise in cross-chain laundering methods, with millions moved from compromised wallets. Over 23 million TRX were routed from BigONE to new destinations, valued at around $6.99M at execution.
Additional transfers included 54.8 million USDT and 6.98 million USDT in round-tripped flows. These show short re-entry attempts and redistribution using layered wallets. Solana flows included 2,600+ SOL, totaling over $420K in market value.
Outbound flows were linked to compromised addresses confirmed in blockchain analytics screenshots. Wallets also showed multiple settlements of XIN and ETH tied to elite bot traders, indicating programmatic execution.
Bitcoin Exit Strategy Used Split-Lot Dumping
Attackers executed over 100 BTC in staggered orders toward a unified destination address. These transactions show signs of strategic lot-splitting to avoid market impact.
High-frequency lots between 1–17 BTC hit the chain within a narrow timeframe. All flowed toward a wallet that remains active and unflagged across major indexers. The estimated value of drained BTC exceeds $6.9 million.
Transaction behavior included parallel settlement of tokens through mixers and DEX routing hubs. Lookonchain analytics confirmed that no keys were compromised—internal control rules were manipulated.
System Exploit Enabled Full Wallet Withdrawals
Wallet rules were overwritten at the production layer, unlocking assets for withdrawal across DEXs and liquidity pools. Private keys were not leaked.
The internal system granted withdrawal access to multiple integrated wallets without triggering endpoint warnings. As of the latest security bulletin, 121 BTC, 350 ETH, 1,800 SOL, and more have been confirmed lost.
The full breakdown, wallet trail, and timeline of the attack are now listed on BigONE’s Zendesk support portal.
