BigONE Unveils $8.1M Bug Bounty To Support Post-Breach Investigation And Asset Recovery
In Brief
BigONE has launched an $8.1 million bug bounty program with HackenProof to identify the perpetrators of a $27 million security breach, trace stolen assets, and support their recovery through verified white-hat investigations.
Cryptocurrency exchange BigONE announced that it has initiated a bug bounty program in partnership with the cybersecurity platform HackenProof, allocating a total of $8.1 million in funding. This initiative follows a recent security incident and is designed to support white-hat investigations into the breach.
The scope of the investigation includes potential attacker identification through both on-chain and off-chain indicators such as wallet connections, social media accounts, and centralized exchange activity. It also covers detailed analyses of transaction flows, including the detection of coin mixers, cross-chain laundering strategies, and general movement of funds. Additional areas of focus include infrastructure footprints like IP addresses, domain names, hosting services, and server-related data linked to the exploit. Investigators are encouraged to submit any further forensic insights that may aid in tracing or de-anonymizing those involved.
Submissions must contain verifiable blockchain transaction data such as transaction hashes, address linkages, and behavioral patterns. Cross-referenced intelligence that ties blockchain activity to centralized exchange accounts, emails, IP addresses, or domain history is also required. Investigators should include technical assessments that may involve heuristic analysis, transaction clustering, and coin-mixing detection. Submissions must demonstrate a complete chain of custody to preserve data integrity, outline the value of the intelligence, and disclose any methods or tools used in the analysis. All contributions must be original and not previously shared.
The reward structure is tiered according to impact. High-impact findings that directly identify the attacker’s real-world identity may receive $5,000 or more. Medium-impact contributions, such as reports linking IP addresses or domain usage, or clustering of assets across chains, may be rewarded between $1,000 and $5,000. Low-impact findings, which may include supplementary on-chain analysis or clarification of fund movement techniques, are eligible for rewards ranging from $100 to $1,000. In addition, if submitted intelligence leads to a successful asset recovery, participants may qualify for an extra reward of between 10% and 30% of the recovered funds. This additional reward will be determined solely by the platform based on the complexity, significance, and overall contribution of the submission.
All provided information must adhere to legal and ethical guidelines. Unauthorized access, system interference, or any illegal methods are strictly forbidden. Furthermore, reports must not include personal identifying information obtained through unlawful means.
BigONE Suffers $27M Security Breach Linked To Social Engineering Attack
In July 2025, BigONE was affected by a security breach involving the use of advanced social engineering techniques. The attackers targeted a single core developer, gaining unauthorized access to specific permissions. This access enabled them to alter parts of the source code during the production environment release process. By temporarily modifying the logic associated with accounting and risk management services, the attackers were able to illicitly transfer approximately $27 million worth of digital assets, including BTC, ETH, SOL, DOGE, and TRX, from a hot wallet.
Following the incident, an initial investigation confirmed that the private keys associated with the platform’s cryptocurrency wallets remained uncompromised. In response, the exchange implemented a series of strengthened security protocols and resumed full operational functionality. All user assets affected by the breach have been fully reimbursed through BigONE’s insurance reserve fund.
The purpose of the current bounty initiative is to support efforts to identify the individuals responsible for this specific security event, trace the movement of the stolen assets, and assist in their recovery. Individuals or groups who submit verifiable information will be eligible for rewards, with additional compensation available if their contributions directly support the successful retrieval of lost funds. Participants offering key intelligence that is confirmed through investigation may receive a percentage of any recovered assets as part of the bounty allocation.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
