DUBAI, UAE, June 9, 2025
On June 3, 2025, KAI Exchange discovered that $5 million was stolen from its margin wallet. KAI operates out of Dubai’s One Central tower, the same building that hosts major exchanges Binance and Bybit. This latest breach follows two other high‐profile hacks linked to One Central, raising questions about whether the shared location exposes all tenants to greater risk.
Binance’s 2019 Hack
In May 2019, Binance lost 7,000 BTC—approximately $40 million at the time—when hackers gained access to private API keys. Although Binance immediately covered customer losses, the stolen funds underscored that even top exchanges can be vulnerable. The incident led Binance to strengthen its internal controls, move more assets into cold storage, and implement enhanced monitoring tools.
Bybit’s 2025 Heist
In February 2025, Bybit suffered a massive breach that saw 400,000 ETH, valued at roughly $1.5 billion, drained from its hot wallets. Early reports suggested that attackers had compromised private key material. In response, Bybit invested heavily in on‐chain surveillance, improved wallet segregation, and hired outside auditors to review its security posture.
KAI’s Recent Loss
KAI’s June 2025 incident involved the unauthorized removal of $5 million from its margin funds. Investigators indicate that the breach stemmed from a weakness in KAI’s own infrastructure rather than any public network flaw. Still, the fact that all three exchanges share One Central has prompted industry observers to ask whether the building’s shared services, including power, cooling, or network backbone, could be a hidden risk factor.
Co‐Location and Shared Infrastructure Risks
Exchanges of this scale do not rely on public Wi-Fi for sensitive operations. They use private, encrypted networks and virtual private networks (VPNs) for internal systems. However, sharing a building means potential overlap in infrastructure components such as network switches, firewalls, or vendor‐managed equipment. If any shared element is misconfigured or left unpatched, attackers might exploit that gap to move laterally between tenants.
At One Central, each exchange maintains separate network segments. Yet mistakes in configuration or delays in applying firmware patches can create a weakness that affects all tenants. While there is no direct evidence that any of these three hacks originated through a shared building vulnerability, the pattern of repeated losses at the same address cannot be ignored.
Steps Taken to Strengthen Security
• Binance moved the majority of its assets into cold storage, limited API key permissions, and implemented stricter internal access controls
• Bybit deployed enhanced real‐time on‐chain monitoring, revised its key management processes, and segregated hot wallet funds into multiple smaller addresses
• KAI adopted multi‐signature wallets, enforced two‐factor authentication for all staff, and rolled out on‐chain surveillance tools to detect unusual transfers immediately
All three exchanges now conduct regular security audits and share threat intelligence where appropriate. They have also engaged third‐party firms to perform penetration tests on any shared network hardware or vendor‐provided systems that serve multiple floors.
Key Takeaway for the Industry
One Central may stand as a landmark for Dubai’s crypto ambitions, but it also illustrates that no location can guarantee absolute safety. The true hotspot for hackers is often weak controls and outdated procedures rather than a specific building. By treating shared infrastructure as a potential risk factor and maintaining rigorous security practices, exchanges can better protect customer funds even in a high‐value co‐location environment.
This report was prepared by Crypto Security Watch.
About Crypto Security Watch
Crypto Security Watch is a Jakarta-based nonprofit that monitors crypto security incidents worldwide. We analyze, verify, and report on breaches and vulnerabilities in real time, providing actionable guidance and best-practice recommendations to help organizations and individuals safeguard their digital assets.
Media Contact
Contact: Muhammad Ihsan, Co-Founder
Website: https://cryptosecuritywatch.com
Email: [email protected]
