WOO X

WOO X Exchange Hack - July 24, 2025

Overview

In July 2025, WOO X — a crypto trading platform based in Taiwan — suffered a $14 million hack. The platform confirmed it had suffered a malicious attack on July 24, 2025, and the incident impacted nine user accounts.

Root Cause

The root cause was a phishing attack. More specifically, the attacker used social engineering to compromise a team member's computer, and from there pivoted to the development environment and exploited trust in the system to drain user accounts.

Attack Vector / Steps

1. Targeted phishing campaign against WOO X team member

2. Compromise of the team member's computer via social engineering

3. Pivot from developer machine into WOO X's development environment

4. Use of trusted internal access to perform withdrawals against user accounts

5. Multiple malicious withdrawal transactions executed over a roughly 2-hour window

6. Withdrawals halted by WOO X after suspicious activity was noticed by Cyvers Alerts and the WOO team

Affected Networks

• Bitcoin

• Ethereum

• BNB Chain

• Arbitrum

Financial Impact

• Total stolen: ~$14 million

• Number of impacted accounts: 9 user accounts

• WOO X paused withdrawals after detection

Response

WOO X stated that users would have all funds covered. The platform contacted affected customers and committed to reimbursing all unauthorized withdrawals resulting from the hack.

Sources

• Explained: The WOO X Hack (July 2025) - Halborn

• Crypto platform WOO X halts withdrawals amid $14m exploit - crypto.news

• Hackers Strike Again: WOO X Exchange Latest Victim in $14 Million Crypto Heist - Blockonomi

• WOO X Exchange Hacked – $14 Million Stolen From User Accounts - BeInCrypto

• $14M WOO X exploit tied to targeted phishing attack - crypto.news