Explained: The WOO X Hack (July 2025)

POSTED BY: Rob Behnke

07.29.2025

In July 2025, WOO X, a crypto trading platform based in Taiwan, suffered a $14 million hack. The root cause of the incident, which impacted nine user accounts, was a phishing attack.

Inside the Attack

The WOO X hack was made possible by a phishing attack targeting one of the company’s team members. With control of the compromised machine, the attacker was able to reach the WOO X development environment.

The WOO X hacker then exploited this access to make a series of malicious withdrawal requests for nine user accounts on the platform over the space of approximately two hours. The withdrawals took funds on multiple chains, including Bitcoin, Ethereum, BNB, and Arbitrum. Once the incident was detected, the WOO X team temporarily halted withdrawals to prevent further malicious requests.

The nine user accounts impacted by the incident had their balances restored from the company’s treasury. After analyzing the incident, the WOO X platform reopened withdrawals to restore normal operations.

Lessons Learned from the Attack

The WOO X incident is emblematic of the recent trend among DeFi hackers to target off-chain systems for high-value hacks. Instead of looking for exploitable smart contract vulnerabilities, which can be identified and addressed via smart contract security audits, attackers look for weaknesses in backend infrastructure and processes.

In this case, the attacker used social engineering to compromise a team member’s computer. From there, they could pivot to the development environment and exploit trust in the system to drain user accounts.

This incident demonstrates the importance of implementing decentralized control within high-value crypto projects. In the case of WOO X, an attacker with access to a single team member’s computer was able to undermine the security model of the entire trading platform. The attacker successfully performed multiple malicious transactions over the course of two hours before the suspicious activity was noticed and the platform disabled withdrawals. According to WOO X, security controls restricted the attacker’s access, but they still had the ability to drain millions from user accounts.

As DeFi hackers grow more sophisticated and increasingly target backend systems and infrastructure, projects need to have strong security controls and processes in place to mitigate these threats. Halborn offers security consulting services that go beyond smart contract audits, helping organizations to design secure systems and processes long before the code is deployed on-chain. To learn more about how Halborn can help your project, get in touch.
