$27 million gone, no private keys exposed: How the BigONE hack happened
2025-08-04 • Cointelegraph
BigONE reported that a July 16, 2025 attack drained about $27 million from its hot wallets without exposing private keys. HackenProof attributed the intrusion path to social engineering against a key developer, followed by compromise of the developer’s device and unauthorized access to production systems. The attackers allegedly deployed malicious code that temporarily altered accounting and risk-management service logic, allowing withdrawals of Bitcoin, Shiba Inu, Dogecoin, USDT, and other assets while bypassing normal internal controls. SlowMist traced attacker addresses on Ethereum and BNB Chain, while other analysis described laundering activity across Tron, Solana, Ethereum, and Bitcoin, underscoring the infrastructure and supply-chain risk facing centralized exchanges.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | web3isgoinggreat.com | 2025-08-04 | 2025-08-04 |