In July 2025, BigONE experienced a major security incident: attackers used sophisticated social engineering to compromise one key developer, obtained the relevant permissions, and tampered with part of the source code in the production environment release process. After momentarily modifying the logic of some accounting and risk management services, they transferred approximately $27 million (BTC, ETH, SOL, DOGE, TRX, etc.) from one hot wallet. The preliminary post-incident investigation confirmed that the private keys of all exchange crypto wallets remained secure and were not compromised. The platform has since implemented enhanced security measures and fully restored operations. All user assets have been fully covered by BigONE’s insurance reserve fund. This program seeks to identify those responsible for this single security incident, trace the stolen assets, and facilitate recovery of the stolen funds. Verified contributions will be rewarded, with additional bounties for successful recoveries. White-hat participants who provide verified key information will be eligible for rewards. A percentage of the recovered amount will be distributed as a bounty to those who made significant contributions.
In July 2025, BigONE suffered a major security incident. Third-party attackers used highly sophisticated social engineering techniques to compromise the development device of a key developer, thereby gaining unauthorized access and permissions. The attackers subsequently carried out a coordinated supply chain attack by deploying tampered code through version deployment service providers. This allowed them to temporarily alter the logic of specific accounting and risk management services within the platform, ultimately resulting in the unauthorized transfer of approximately USD 27 million worth of cryptocurrencies from one of BigONE’s hot wallets. The compromised assets included tokens from major public blockchains, including Bitcoin, Ethereum, Solana, Dogecoin, and Tron.
Note: Preliminary investigation has confirmed the full attack path and logic. Following system reinforcement and post-accident updates, no further losses are expected. All BigONE wallet private keys and user data remain secure, with losses limited to a portion of assets from the targeted hot wallet. BigONE has fully covered all user losses using its insurance reserve fund, and all services were resumed shortly afterward.
This bounty program aims to identify the attacker, trace the stolen assets, and assist with asset recovery. Verified and effective intelligence will be rewarded; if assets are successfully recovered, an additional 10% to 30% bounty will be awarded according to the level of contribution.
2025-07-15 around 17 (UTC +0): Abnormal large withdrawal from the Exchange hot wallet; large amounts of BTC withdrawn. Other on-chain assets held in the targeted hot wallet—such as USDT, ETH, SOL, XIN and DOGE—were withdrawn and routed through multiple decentralized exchanges (DEXes) and cross-chain bridges. These assets were subsequently swapped across several hops into more liquid tokens, primarily including ETH, SOL and BNB.
Ethereum & BSC: 0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a
Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R
Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm
Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c
Ethereum: 0x0A360bD648EB86613961a2AA41dC1610c5305F4F
Solana: 7RWHQ7ujSFwokAPkAhHTdiPxRF2LmqrvgYEqDiAjLxdH
Tron: TCAfB8jHbJ56xwmfwKwWEs8HLRjbC2GfHG
IP addresses used for related attacks:
Submissions must be verifiable, objective, and must directly assist in identifying the attacker or tracing the stolen funds.
Submissions should include: Blockchain transaction proofs (TX hashes, addresses, patterns). Cross-referenced intelligence (CEX account associations, email, IP, domain history). Technical analysis (heuristics, mixing methods, transaction clustering). Chain of custody proofs ensuring data integrity. Complete forensic intelligence chain. Supporting data to demonstrate intelligence value. Specific methods, tools, or techniques used.
Originality: Information must be original and not previously disclosed.
Intelligence must provide actionable insight or significantly advance the investigation.
Due to the complexity of the verification process, response times may be longer than for regular vulnerability reports.
High Impact: 5,000+ USD. Direct evidence pointing to the attacker’s real-world identity, real address, etc.
Medium Impact: 1,000 – 5,000 USD. IP, domain, device fingerprint, cross-chain asset clustering report, indirect identity association.
Low Impact: 100 – 1,000 USD. Supplementary on-chain path analysis, clarification of fund flow mixing patterns.
Extra reward: In the event of a successful asset recovery, contributors may be eligible for an additional reward ranging from 10% to 30% of the recovered funds. The final extra reward percentage will be determined at the sole discretion of the platform, based on a comprehensive assessment of the contribution’s significance, technical difficulty, and overall impact on the recovery outcome.
All intelligence must comply with applicable laws and ethical standards.
Unauthorised intrusion, system disruption, or any illegal activities are prohibited.
Reports must not contain personal sensitive information (PII) obtained by illegal means.