
Opinion
$74.8M in digital assets compromised in 7 days. What went wrong, and how to prevent the next attack
"These incidents highlight the urgent need for stronger safeguards and more robust infrastructure to protect digital assets in the rapidly evolving crypto landscape," writes Lior Lamesh, co-founder and CEO of GK8.
Within just one week, three major crypto platforms suffered devastating security breaches, leading to the theft of $74.8 million in digital assets. CoinDCX, BigONE, and Arcadia Finance all fell victim to sophisticated attacks exploiting weaknesses in their digital asset custody and operational security. These incidents highlight the urgent need for stronger safeguards and more robust infrastructure to protect digital assets in the rapidly evolving crypto landscape, where cybercriminals are constantly seeking new opportunities to get in.
Three Hacks In One Week
Let's dive into last week's events: On July 15, 2025, DeFi platform Arcadia Finance was exploited for $3.6 million after an attacker abused a vulnerability in its Rebalancer contract by manipulating arbitrary swapData parameters. The attacker created a fake account linked to a vulnerable Rebalancer contract. By passing malicious data to the rebalance function – which didn’t properly validate inputs – the attacker gained access to a victim’s account. When the rebalance call was triggered, it allowed unauthorized swaps that drained assets from user vaults, according to security firm CertiK. Stolen assets included 2.3M USDC and 227K USDS. The stolen tokens were then swapped to Wrapped Ethereum (WETH) on the Base network, where Arcadia operates, and bridged over to the Ethereum mainnet. Arcadia confirmed the breach and urged users to revoke permissions to rebalancer contracts to avoid further losses.
Crypto exchange BigONE suffered a $27 million loss in a third-party attack on July 16, 2025. BigONE confirmed the attack compromised its hot wallet infrastructure. Advanced social engineering reportedly led to the compromise of a senior developer's environment. Attackers manipulated accounting logic and extracted funds from a hot wallet by deploying tampered code through the version control infrastructure. Stolen assets include 120 BTC, 350 ETH, and large amounts of USDT, SHIB, and CELR. BigONE has pledged to fully compensate users using internal reserves and liquidity borrowing. It remains uncertain whether the company utilizes its own wallet infrastructure or an off-the-shelf product, as the provider was not disclosed.
On July 19, Indian crypto exchange CoinDCX lost around $44.2 million in an attack targeting one of its hot wallets, which, according to the exchange’s CEO, was used for liquidity provisioning. CEO Sumit Gupta pledged to fully cover losses using the company’s treasury, and claimed the account “was compromised due to a sophisticated server breach.” Analysis of the transaction history suggests this likely means the private keys were stolen. The company has not disclosed the technical details of the hack, nor has it identified the wallet provider. Therefore, it remains unclear whether the incident involved their proprietary infrastructure or an off-the-shelf product.
Hackers Will Invest Millions To Steal Billions
Cybercriminals are increasingly sophisticated and determined, investing time and money to exploit vulnerabilities. They meticulously plan attacks and perfect social engineering interfaces to ensure their illicit gains.
Expert Recommendations
In light of these serious incidents, here are key recommendations for financial institutions to help prevent the next attack:
- Store the majority of assets in an impenetrable solution: Keep assets in secure, fully offline long-term custody. Keep only a minimal amount in online-accessible wallets, such as MPC-powered warm wallets, for day-to-day operations.
- Implement multi-layered key management: Ensure the highest level of security by implementing an unlimited number of co-signers. This prevents attackers from completing transactions even if an employee is compromised, as it would require breaching multiple systems or individuals.
- Strengthen developer environment security: Isolate development environments and assume any endpoint could be a point of compromise. To eliminate this risk entirely, use an impenetrable solution that never connects online, not even during the development stage.
- Audit third-party dependencies and infrastructure: Regularly assess and test both internal systems and external service providers. Always use reliable wallet providers.
- Promote internal security awareness: Train staff at all levels – from DevOps to executive teams – to recognize phishing and social engineering. Human-layer security is often the first line of defense.
- Exercise caution when interacting with smart contracts: Funds should only be deposited when absolutely necessary, and even then, only in limited amounts to minimize exposure in the event of a vulnerability or exploit.
The recent wave of breaches serves as a stark reminder that digital asset management can no longer rely on conventional solutions. Today’s landscape requires a transition to truly impenetrable custody infrastructure, robust multi-layered key management, rigorous enforcement of internal controls, and a sophisticated understanding of both financial and technological risks. Organizations holding digital assets must take this moment to thoroughly assess their security frameworks and ensure they are adequately equipped to defend against the evolving threats of tomorrow.
Lior Lamesh is the co-founder and CEO of GK8, acquired by the U.S.-based Galaxy. GK8 develops a platform for managing and securing digital assets for financial institutions.