$14M WOO X exploit tied to targeted phishing attack of team members device

Crypto exchange WOO X reported a security breach on July 24 that resulted in unauthorized withdrawals totaling $14 million across nine user accounts.

Summary

• WOO X exploit has been linked to a phishing-based attack targeting its dev environment.
• 9 user accounts were affected; all losses will be reimbursed.
• The platform remains offline for withdrawals pending a security audit.

The company said in a July 24 statement that the exploit stemmed from a team member‘s device being compromised in a targeted phishing attack. This allowed the attacker limited access to the exchange’s development environment.

The first malicious withdrawal was initiated at 13:50 UTC+8, and over the course of the following two hours, more transactions took place. By 15:40 UTC+8, the problem had been identified and contained. While some attempted withdrawals were stopped in time, $14 million was successfully drained before the breach was stopped.

We're currently investigating a contained incident that occurred on WOO X earlier today

While user funds and trading are unaffected, withdrawals have been temporarily paused while we complete the investigation.

Stay tuned to this account for updates: https://t.co/qWc9cDhn2z

— WOO X (@_WOO_X) July 24, 2025

You might also like: MEV bot exploit from MIT-educated brothers leads to $25m crypto fraud trial

Blockchain security firm Cyvers Alerts flagged over $12 million in suspicious activity connected to WOO X shortly after the incident. Tracked transactions included $1 million in Tether (USDT) sent from a WOO X hot wallet, converted to Ethereum (ETH), then moved to a new address, along with BTCB and BNB (BNB) transactions on BNB Chain. WOO X stated that all affected users will be fully reimbursed.

Withdrawals paused as investigation continues

Withdrawals across the platform were suspended as a precaution, with the exchange saying it is prioritizing a full forensic review and the safe restoration of services. “We are working with external security teams and other exchanges to halt the flow of funds,” the company stated.

WOO X has published six wallet addresses linked to the attacker and is actively tracking the stolen funds across chains. A timeline for restoring withdrawals will be disclosed once the full forensic review is complete.

The company emphasized that the breach was limited to nine high-value accounts and that core infrastructure remains secure.

The incident adds to a rising number of centralized exchange breaches in July. On July 19, CoinDCX was exploited for $44.2 million via a Solana-to-Ethereum bridge, while BigONE lost over $27 million earlier this month from a hot wallet hack.