TLDR:
- BingX cryptocurrency exchange suffered a security breach
- Approximately $43 million in assets were stolen
- BingX pledges to fully reimburse affected users
- Withdrawals temporarily suspended for up to 24 hours
- Hackers moved stolen funds through decentralized exchanges
On September 20, 2024, Singapore-based cryptocurrency exchange BingX fell victim to a significant security breach. Hackers managed to drain over $43 million worth of digital assets from the platform’s hot wallet.
The attack was first detected by blockchain security firms PeckShield and De.Fi, who noticed suspicious outflows from BingX’s hot wallet. Initial estimates of the stolen funds ranged from $13 million to $26 million, but further investigation revealed the total amount to be approximately $43 million.
At around 4am 20 Sep Singapore time, our technical team detected abnormal network access, suspecting a hacker attack on BingX's hot wallet. We immediately started our emergency plan, including the urgent transfer of assets and withdraw suspension. There has been minor asset loss,…
— Vivien Lin @ BingX (@Vivien_BingX) September 20, 2024
BingX’s Chief Product Officer, Vivien Lin, confirmed the breach in a statement on social media platform X (formerly Twitter). According to Lin, the exchange’s technical team detected abnormal network access around 4:00 AM Singapore time, suggesting a potential hacker attack on BingX’s hot wallet.
The stolen assets included a variety of cryptocurrencies, with significant amounts of Ethereum (ETH), Binance Coin (BNB), and Tether (USDT) among the mix.
On-chain data shows that the hackers quickly moved to swap the stolen tokens for ETH and BNB using decentralized exchanges like Uniswap and Kyberswap, a common tactic used to obscure the origin of illicitly obtained funds.
In response to the breach, BingX immediately initiated its emergency protocol, which included urgent asset transfers and the suspension of withdrawals. The exchange has assured users that most assets remain secure in cold wallets, with only a small portion affected by the hack.
BingX has committed to fully reimbursing all affected users for any losses incurred due to the hack, using the exchange’s own capital. Lin stated that the total loss is “minimal and manageable” and will not affect ongoing business operations.
As a precautionary measure, BingX has temporarily suspended all withdrawals to conduct urgent security checks and enhance its wallet services. The exchange expects to resume normal withdrawal operations within 24 hours after completing these improvements.
The crypto community has raised questions about BingX’s initial communication regarding the incident. The exchange initially described the situation as “wallet maintenance” before confirming the security breach, leading some industry observers to criticize the lack of transparency.
BingX users are advised to monitor official communication channels for updates on the status of their funds and the resumption of withdrawal services.