Crypto exchange WOO X reported a security breach on July 24 that resulted in unauthorized withdrawals totaling $14 million across nine user accounts.
Summary
- WOO X exploit has been linked to a phishing-based attack targeting its dev environment.
- 9 user accounts were affected; all losses will be reimbursed.
- The platform remains offline for withdrawals pending a security audit.
The company said in a July 24 statement that the exploit stemmed from a team member’s device being compromised in a targeted phishing attack. This allowed the attacker limited access to the exchange’s development environment.
The first malicious withdrawal was initiated at 13:50 UTC+8, and over the course of the following two hours, more transactions took place. By 15:40 UTC+8, the problem had been identified and contained. While some attempted withdrawals were stopped in time, $14 million was successfully drained before the breach was stopped.
Blockchain security firm Cyvers Alerts flagged over $12 million in suspicious activity connected to WOO X shortly after the incident. Tracked transactions included $1 million in Tether (USDT) sent from a WOO X hot wallet, converted to Ethereum (ETH), then moved to a new address, along with BTCB and BNB (BNB) transactions on BNB Chain. WOO X stated that all affected users will be fully reimbursed.
Withdrawals paused as investigation continues
Withdrawals across the platform were suspended as a precaution, with the exchange saying it is prioritizing a full forensic review and the safe restoration of services. “We are working with external security teams and other exchanges to halt the flow of funds,” the company stated.
WOO X has published six wallet addresses linked to the attacker and is actively tracking the stolen funds across chains. A timeline for restoring withdrawals will be disclosed once the full forensic review is complete.
The company emphasized that the breach was limited to nine high-value accounts and that core infrastructure remains secure.
The incident adds to a rising number of centralized exchange breaches in July. On July 19, CoinDCX was exploited for $44.2 million via a Solana-to-Ethereum bridge, while BigONE lost over $27 million earlier this month from a hot wallet hack.
